[Cryptography] Passwords (Smallest feasible work factor today?)

Kent Borg kentborg at borg.org
Wed Sep 7 17:26:46 EDT 2022


On 9/7/22 14:07, Phillip Hallam-Baker wrote:
> If rate limits are an acceptable control, there would have never been 
> the need to introduce the stupid special characters in the first 
> place. If Mallet is limited to 5 tries in an hour, Alice could use a 
> simple password with little risk.

I think there are decent arguments that all those password format rules 
/are/ pointless. Though I do grudgingly admire them as a way to make it a 
little more difficult to recycle passwords, as a password that satisfies 
one set of rules often doesn't satisfy the next set.

My ATM card has a 4-digit PIN. Certainly the PIN isn't the only security 
measure in play, but as part of the larger system it can work quite well. 
Somewhat smaller than 2^80, too.


-kb
