[Owasp-leaders] Stepping through password hashing options

Rogan Dawes rogan at dawes.za.net
Mon Jun 11 14:19:29 UTC 2012

On 11/06/2012 16:01, William Stranathan wrote:
> Jim:

> But again - you're spot-on in the summary - passwords are dead (at
> least I hope). As much as possible, I personally use passphrases and
> MFA.

Unfortunately, a passphrase is simply a password where the allowed 
character set includes [:space:].

Reference the LinkedIn password cracking, which has unearthed a 29-character
password, comprising a verse from the Bible:


So, even a long passphrase devolves into something crackable, so long as 
you restrict yourself to actual words, with minor punctuation.
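
An added illustration, not part of the original message: a strength estimate that scores the same passphrase under three guessing models (independent characters, dictionary words, known quotation) and keeps the lowest. The word list, the phrase list and both size constants are constructed assumptions.

```python
import math
import re
import string

# Constructed sample data; sizes below are assumptions, not measurements.
WORDS = {"the", "quick", "brown", "fox", "jumps", "over", "lazy", "dog"}
KNOWN_PHRASES = {"the quick brown fox jumps over the lazy dog"}
DICTIONARY_SIZE = 100_000       # assumed size of a guesser's word list
PHRASE_CORPUS_SIZE = 1_000_000  # assumed size of a guesser's list of quotable lines


def normalise(passphrase):
    """Lower-case and reduce to space-separated alphabetic tokens."""
    return " ".join(re.findall(r"[a-z]+", passphrase.lower()))


def charset_bits(passphrase):
    """Naive estimate: each character drawn independently from the classes used."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation + " "):
        if any(c in chars for c in passphrase):
            pool += len(chars)
    return len(passphrase) * math.log2(pool) if pool else 0.0


def word_bits(passphrase):
    """Estimate when every token is a dictionary word; None otherwise."""
    tokens = normalise(passphrase).split()
    if not tokens or any(t not in WORDS for t in tokens):
        return None
    return len(tokens) * math.log2(DICTIONARY_SIZE)


def phrase_bits(passphrase):
    """Estimate when the whole phrase is a known quotation; None otherwise."""
    if normalise(passphrase) in KNOWN_PHRASES:
        return math.log2(PHRASE_CORPUS_SIZE)
    return None


def effective_bits(passphrase):
    """The weakest applicable model bounds the real strength."""
    candidates = [charset_bits(passphrase), word_bits(passphrase),
                  phrase_bits(passphrase)]
    return min(b for b in candidates if b is not None)
```

A length or character-class rule only ever sees the first figure, which is why a long quotation passes it while scoring lowest of the three.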

