Password complexity recommendations – “xez&pAxat8Um” or “P4$$w0rd!!!!”?

PDF

Authors
  1. Salois, M.
Corporate Authors
Defence Research and Development Canada, Valcartier Research Centre, Quebec QC (CAN)
Abstract
The password-cracking world is in turmoil. Many new technologies, such as graphic cards (e.g., NVidia CUDA or ATI/AMD GPUs), make easily available computing power that was previously reserved to very rich organizations. Many efficient tools followed using these technologies, for better or for worse. This report illustrates the type of performance one can obtain from a generic $2,000 computer and the lessons to learn on password length for different web sites and software programs. The larger conclusion is that an 11-character password, containing uppercase-lowercase-digits- symbols, is the ideal length for the foreseeable future when no other information is available. More characters are always better; less can be dangerous in the current state of the technology. The use of a password manager, a program that generates and manages strong, complex passwords, is strongly recommended.

Il y a un résumé en français ici.

Keywords
password management and complexity;public cryptography and hash
Report Number
DRDC-RDDC-2014-R27 — Scientific Report
Date of publication
01 Oct 2014
Number of Pages
34
DSTKIM No
CA039565
CANDIS No
800491
Format(s):
Electronic Document(PDF)

Permanent link

Document 1 of 1

Date modified: