http://confocal-microscopy-list.275.s1.nabble.com/Password-Strength-tp6673797p6677731.html
I did think of a downside to my suggestion of limiting logon attempts to one every second, 5 sec or whatever. If the hacker did try a brute force attack, I suspect it would tie up the server for as long as it went on. This would mean no one could get on as long as the hack continued. Of course, possibly the hack attack could recognize the inefficiency of continuing with logons limited say to every 5 sec and would move onto more fertile ground.
> *****
> To join, leave or search the confocal microscopy listserv, go to:
> http://lists.umn.edu/cgi-bin/wa?A0=confocalmicroscopy
> *****
>
> On 8/11/2011 11:29 AM, Tao Tong wrote:
>
>> But "correct horse battery staple" are composed of all common dictionary
>> words, and it is not immune to dictionary attack. co01ho02ba03st04 is a
>> little better.
>>
>> Better still, from a phrase like this:
>>
>> Go ahead, make my day.
>>
>> you get gammd from the first letters from each word, then throw in some
>> variations, such as gAmmD0809
>>
>> Should be much better, easy to remember, hard to crack.
>
> If we consider a 9 character password and assume that the characters can be one of 128 ASCII characters, we get a total of (128)^9 possible combinations, or 9.2 x 10^18.
>
> If we assume that English contains 50,000 "common" words that a dictionary would need to contain (--I think that would be a conservative estimate, since English has a total vocabulary of about 250,000 words and capitalizations, proper names, etc would all need to be considered) and limit our password to 4 words, we would get 6.3 x 10^18--i.e. almost the same.
>
> My sense is that the "four-words" strategy would probably work, as long as the resulting password were reasonably long and word order were truly random (i.e., not "big dog bit me").
>
> From what others have observed, it sounds as if the real place to tackle password security is on the server: to limit logon attempts to one every 5 seconds or so--short enough not to drive users nuts but long enough to hamper brute-force attacks.
>
> Martin
> --
> Martin Wessendorf, Ph.D.
> Assoc Prof, Dept Neuroscience
> University of Minnesota
> 6-145 Jackson Hall, 321 Church St. SE
> Minneapolis, MN 55455
> office: (612) 626-0145
> lab: (612) 624-2991
> Preferred FAX: (612) 624-8118
> Dept Fax: (612) 626-5009
> e-mail: [hidden email]
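An added example, not part of the thread or written by any of its participants, that works through the two points above: the keyspace arithmetic in Martin's reply (128 ASCII characters to the 9th power versus 50,000 words to the 4th) and the availability downside of a per-account throttle that the post at the top raises. The `LoginThrottle` class and the 60-second attack timeline are constructed for illustration and are not a description of any real server.

```python
"""Keyspace sizes from the quoted reply, and a toy per-account login throttle
to show what happens to a legitimate user while an attacker hammers the
same account. Everything here is a constructed illustration."""
import math
from dataclasses import dataclass, field


def keyspace(alphabet_size: int, length: int) -> int:
    """Distinct passwords of `length` symbols, each drawn from `alphabet_size`
    equally likely choices. Works for characters (128 ASCII) or words (50,000)."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Same quantity expressed in bits: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guessing rate."""
    return space / guesses_per_second


@dataclass
class LoginThrottle:
    """Reject any attempt on an account made less than `min_interval` seconds
    after the previous attempt on that account, whoever made it.
    This is the 'one logon per 5 seconds' idea from the thread (hypothetical)."""
    min_interval: float
    last_attempt: dict = field(default_factory=dict)

    def attempt(self, account: str, now: float) -> bool:
        last = self.last_attempt.get(account)
        if last is not None and now - last < self.min_interval:
            return False  # throttled: the credentials are never even checked
        self.last_attempt[account] = now
        return True


def simulate_lockout(min_interval: float, attacker_times, user_times) -> int:
    """Replay attacker and legitimate attempts on one account through the
    throttle; return how many of the legitimate user's attempts got through."""
    throttle = LoginThrottle(min_interval)
    events = [(t, "attacker") for t in attacker_times] + [(t, "user") for t in user_times]
    events.sort()
    accepted_user = 0
    for when, who in events:
        if throttle.attempt("alice", when) and who == "user":
            accepted_user += 1
    return accepted_user


if __name__ == "__main__":
    print(f"128^9     = {keyspace(128, 9):.2e}  ({entropy_bits(128, 9):.1f} bits)")
    print(f"50000^4   = {keyspace(50000, 4):.2e}  ({entropy_bits(50000, 4):.1f} bits)")
    # One guess per 5 seconds, as proposed, versus an unthrottled offline guess rate.
    for rate in (0.2, 1e9):
        yrs = seconds_to_exhaust(keyspace(128, 9), rate) / (365 * 24 * 3600)
        print(f"{rate:>10.1e} guesses/s -> {yrs:.2e} years to exhaust 128^9")
    # Constructed timeline: attacker tries alice once a second for a minute,
    # alice herself tries at 2.5 s, 12.5 s and 22.5 s.
    attacker = range(60)
    alice = [2.5, 12.5, 22.5]
    print("alice attempts accepted with attacker:", simulate_lockout(5, attacker, alice))
    print("alice attempts accepted without attacker:", simulate_lockout(5, [], alice))
```

The two keyspaces come out within a factor of two of each other, as the reply says, so the passphrase is no weaker against a dictionary attacker who knows the word list. The simulation shows the cost of keying the throttle on the account alone: a single attacker sending one attempt per second keeps the owner out for the entire minute, because every legitimate attempt lands inside the 5-second window the attacker keeps resetting. Keying the throttle on the requesting source (or combining both) is the usual way to keep the brute-force protection without handing out a denial of service.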