how long should a password be?

Mark H. Wood mwood at IUPUI.Edu
Thu May 22 21:00:40 CEST 2008


FWIW I usually use a gadget called 'apg' to generate random
passwords.  It has a mode in which it will only produce strings that
are pronounceable (sometimes just barely so), which I find a great aid
to memorability.  For example, I can recall my home WEP key easily
even though I almost never see it.  Usually setting a minimum of 8
characters produces a satisfactory result.

If I want something much longer than that, I make up a phrase or
sentence using one or two random strings from apg as "words".

I have not tested the strength of these choices, but I'm satisfied
that they produce something better than I would without mechanical
aid.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: </pipermail/attachments/20080522/1fe27e38/attachment.pgp>


More information about the Gnupg-users mailing list