Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
jmoskovc at redhat.com
Thu Oct 13 11:03:47 UTC 2011
On 10/13/2011 09:45 AM, Callum Lerwick wrote:
> On Wed, Oct 12, 2011 at 1:37 PM, Przemek Klosowski
> <przemek.klosowski at nist.gov> wrote:
>> Length beats out larger character set, which is nicely illustrated by
>> the XKCD cartoon
> Be careful, that xkcd strip glosses over how that phrase was actually
> generated. If you just pick words or sentences out of your head, you
> could actually have dangerously little actual entropy in your
> passphrase. Do NOT actually use spaces in your passphrase, the space
> bar typically makes a distinctive sound so an eavesdropper can
> potentially figure out how many words are in your passphrase, and the
> length of each word, narrowing their search window...
- well, to me "correct horse battery staple" seems random enough, but
I'd like to ask everyone to not use it, because it's what I use as my
password on every machine I have access to...
> He's assigning 11 bits of entropy to each word, 2^11 = a word list
> 2048 words long, which corresponds with S/KEY:
> There's also:
> Cryptographic security is all in the details, doing it even slightly
> wrong can completely destroy your security. Make sure to follow a
> proven strategy if you're going the passphrase route.
> Personally I've been generating passwords with "pwgen -s 12 1", or for
> really important stuff (like online banking), "pwgen -s 12 1". A
> different password for absolutely everything, all passwords are stored
> in a Revelation database protected by a REALLY long passphrase. I find
> it's not that hard to remember a completely obscure 12-char password,
> after a day or two of frequent use, if you force yourself to actually
> type it in by hand rather than just cut-and-pasting from Revelation.
> Try just memorizing 2-4 chars at a time until you remember it all. I
> find I end up just consciously remembering the first 4 chars and
> muscle memory completes the rest...
> Also see:
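An added example, not part of the original thread: the 11-bits-per-word figure discussed above holds only when each word is drawn uniformly at random from the 2048-entry list, which this sketch does with the OS CSPRNG and then compares against a 12-character random password. The word list is a constructed stand-in, the function names are hypothetical, and the 62-symbol alphanumeric alphabet is an assumption.

```python
import math
import secrets
from itertools import product

# Constructed stand-in for a 2048-word list (2**11 entries, 11 bits per word).
# These pseudo-words exist only so the example runs offline; a real list
# would be loaded from a file instead.
WORDS = ["".join(p) for p in
         product("bdfghjklmnprstvz", "aeio", "bdgklmnt", "aeio")]


def entropy_bits(choices, picks):
    """Bits of entropy in `picks` independent, uniform draws from `choices`."""
    return picks * math.log2(choices)


def words_needed(target_bits, list_size):
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def make_passphrase(words, n_words, sep=""):
    """Draw n_words uniformly with the OS CSPRNG and join them.

    The entropy figure only holds for uniform machine-made draws; words
    picked "out of your head" are not covered by it.
    """
    if len(set(words)) != len(words):
        raise ValueError("duplicate entries: real entropy is below log2(len)")
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    four = entropy_bits(len(WORDS), 4)
    # Assumption: a 12-char password drawn uniformly from 62 alphanumerics.
    random12 = entropy_bits(62, 12)
    print(f"4 words from {len(WORDS)}: {four:.1f} bits")
    print(f"12 random alphanumerics: {random12:.1f} bits")
    print(f"words to match that: {words_needed(random12, len(WORDS))}")
    # Every constructed word is 4 letters, so joining without spaces stays
    # unambiguous and all words have the same length.
    print(make_passphrase(WORDS, 7))
```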