# hpr1620 :: Passwords, Entropy, and Good Password Practices

### This episode explores the best password practices from a mathematical viewpoint with recommendations

Hosted by Ahuka on 2014-10-17, flagged as Clean, and released under a CC-BY-SA license.
Tags: passwords, entropy.

### Part of the series: Privacy and Security

In this open series, you can contribute shows that are on the topic of Privacy and Security.

Right now for most of us the key to any security in our online life is the degree of entropy in our passwords. So what is entropy, and how does it affect our passwords?

Entropy is, in general, the degree of randomness or disorder in any given system. Sometimes it is very easy to assess: a password such as 1234, which all too many people use, is a simple sequence with no real randomness at all, and it would be guessed quickly. As we saw in the last tutorial, such passwords are quickly discovered in a dictionary attack. There are things you can do to make it less likely that your password will be cracked and used against you. For more, go to http://www.zwilnik.com/?page_id=530
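To make the entropy figure concrete, here is an added example (my code, not from the episode or the zwilnik.com notes) that scores a few password-generation models as log2 of their search space, including a dictionary word padded with a repeated symbol; the wordlist size, symbol count, padding range and guess rate are assumed values.

```python
import math

# Constructed parameters for this example; assumptions, not figures from the episode.
WORDLIST_SIZE = 7776        # diceware-style list, 6^5 entries
PAD_SYMBOLS = 32            # symbols a padder might pick from
MAX_PAD_LENGTH = 20         # padding runs assumed to be 1..20 characters
GUESSES_PER_SECOND = 1e12   # assumed offline cracking rate against a fast hash
DIGITS, MIXED_ALNUM, PRINTABLE = 10, 62, 94   # alphabet sizes


def entropy_random_chars(length, alphabet_size):
    """Bits of entropy when every character is chosen uniformly and independently."""
    return length * math.log2(alphabet_size)


def entropy_word_passphrase(word_count, wordlist_size=WORDLIST_SIZE):
    """Bits of entropy for words drawn uniformly from a wordlist."""
    return word_count * math.log2(wordlist_size)


def entropy_haystack(wordlist_size=WORDLIST_SIZE, pad_symbols=PAD_SYMBOLS,
                     max_pad_length=MAX_PAD_LENGTH):
    """Bits of entropy for a 'haystack': one dictionary word plus a run of one repeated
    symbol. A cracker that models this pattern only guesses the word, the symbol and
    the run length, so the visible length of the password adds nothing."""
    return math.log2(wordlist_size) + math.log2(pad_symbols) + math.log2(max_pad_length)


def expected_guesses(bits):
    """A brute-force search succeeds on average after half the space: 2^(bits-1)."""
    return 2 ** (bits - 1)


def years_to_crack(bits, rate=GUESSES_PER_SECOND):
    """Expected time at the assumed guess rate, in years."""
    return expected_guesses(bits) / rate / (365 * 24 * 3600)


def entropy_table():
    """Entropy comes from how the password was produced, not from how long it looks."""
    return {
        "4 random digits (1234 is not even random)": entropy_random_chars(4, DIGITS),
        "8 random mixed-case alphanumerics": entropy_random_chars(8, MIXED_ALNUM),
        "12 random printable ASCII": entropy_random_chars(12, PRINTABLE),
        "4-word passphrase from a 7776-word list": entropy_word_passphrase(4),
        "word + symbol padding, ~25 chars visible": entropy_haystack(),
    }


if __name__ == "__main__":
    for label, bits in entropy_table().items():
        print(f"{label:42s} {bits:6.1f} bits  ~{years_to_crack(bits):.2e} years")
```

The padded-word row scores far below the short random strings even though it is the longest password in the table, which is the point the comments below argue about.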

# Comments


#### Dangerous advice

Another good episode, but the advice on using haystacks was dangerous. As you mentioned, the search space is becoming too large to systematically search, so password crackers have evolved. One method they use is to take found words (not just out of a standard dictionary, such as all the words in wikipedia, other languages, leaked password lists, etc.) and try these plus variants like padding with additional characters, combining multiple words together (with and without spaces). In one news story, a password cracking package was breaking passwords that were 55 characters long! http://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/
These passwords were weak (common words strung together like the xkcd advice are particularly vulnerable) http://xkcd.com/936/ but it does show there are no short-cuts in creating a good password: it has to be completely random, mixed case with symbols and numbers, and long!
I would have submitted a response show, but I think that this is too important, and that you should be the one to say this.

#### Comment #2 posted on 2014-10-17T18:06:45Z by John

Thanks, very interesting information. I appreciate you taking the time to do this, and the other podcasts you contribute. All the best, John

#### Please do a show

Cybergrue, I think you should do a show. It would be a great contribution. I have never thought that my opinions were the last word on anything, and I welcome dialog, as Ken Fallon can attest.

#### Very good show but 2 comments

1. The use of the word Hacker without prefixing it with malicious
2. Many systems restrict the length and type of characters that can be used

#### Yes and ...

Guilty on the first point. I should have been more precise.

On the second point, are you saying that it is _good_ to restrict length and characters in passwords? Because if so I would love to hear your reasoning. Maybe I missed something in my analysis.

#### Another Excellent episode

Full of Great information, and presented in an entertaining way, by a man who could (and did) keep listeners engaged while reading the phone book. Thanks for everything you do for HPR, Ahuka.

cybergrue,
1. a great point. Thank you.
2. Please do a show detailing this. You're a member of our community, so we want to hear from you as well. It doesn't have to be long, it just has to be you. TIA.

#### NO!!!

No, length restrictions are not good, nor are character restrictions. Yet it is a fact that these restrictions exist.

#### Pasting passwords?

This is probably a stupid question about passwords. I recently had reason to believe I had been attacked by a key-stroke harvesting nasty, and it prompts the question: is it a good idea, or even is it remotely effective, to paste a password from the clipboard if it has been copied from another document? This at least gets round the key-stroke bandits, right?
