
Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes every weekday Monday through Friday.

hpr1620 :: Passwords, Entropy, and Good Password Practices

This episode explores the best password practices from a mathematical viewpoint with recommendations

Hosted by Ahuka on 2014-10-17 is flagged as Clean and is released under a CC-BY-SA license.
Tags: passwords, entropy. Comments: 8.
The show is available on the Internet Archive at:


Duration: 00:21:33

Privacy and Security.

In this open series, you can contribute shows that are on the topic of Privacy and Security

Right now for most of us the key to any security in our online life is the degree of entropy in our passwords. So what is entropy, and how does it affect our passwords?

Entropy is, in general, the degree of randomness or disorder in any given system. Sometimes it is very easy to assess, such as a password of 1234, which all too many people use. Because it is a simple sequence, there is no real randomness in it at all, and it would be quickly guessed. And as we saw in the last tutorial, such passwords are quickly discovered in a dictionary attack. There are things you can do to make it less likely that your password will be cracked and used against you. - For more go to
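To make the point about 1234 concrete, here is an added example (not from the episode or the HPR site) that compares the brute-force search space a password appears to have with the much smaller space left once list words and their concatenations are guessed first. The word list is a constructed eight-entry stand-in and all function names are hypothetical.

```python
import math
import secrets
import string

# Constructed stand-in for a cracking wordlist; real lists hold millions of entries.
WORDS = ["1234", "password", "letmein", "dragon",
         "correct", "horse", "battery", "staple"]
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def brute_force_bits(pw):
    """Search-space bits if every string of this length and character mix is tried."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def split_words(pw, words):
    """Fewest list words that concatenate to pw (dynamic programming), else None."""
    best = {0: []}
    for end in range(1, len(pw) + 1):
        for w in words:
            start = end - len(w)
            if start in best and pw[start:end] == w:
                cand = best[start] + [w]
                if end not in best or len(cand) < len(best[end]):
                    best[end] = cand
    return best.get(len(pw))

def dictionary_bits(pw, words=WORDS):
    """Bits when list words and their concatenations are guessed first."""
    parts = split_words(pw.lower(), words)
    return None if parts is None else len(parts) * math.log2(len(words))

def effective_bits(pw, words=WORDS):
    """The cheaper of the two strategies bounds the password's real strength."""
    d = dictionary_bits(pw, words)
    b = brute_force_bits(pw)
    return b if d is None else min(b, d)

def random_password(length=16):
    """Uniform random choice: entropy is exactly length * log2(len(ALPHABET))."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

if __name__ == "__main__":
    for pw in ("1234", "correcthorsebatterystaple", random_password()):
        print(f"{pw!r}: brute-force {brute_force_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits")
```

The dictionary figures scale with the size of the list: with N words the same four-word phrase is worth 4 × log2(N) bits, regardless of how many characters it contains.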




Comment #1 posted on 2014-10-17 12:49:49 by cybergrue

Dangerous advice

Another good episode, but the advice on using haystacks was dangerous. As you mentioned, the search space is becoming too large to systematically search, so password crackers have evolved. One method they use is to take found words (not just out of a standard dictionary, such as all the words in wikipedia, other languages, leaked password lists, etc.) and try these plus variants like padding with additional characters, combining multiple words together (with and without spaces). In one news story, a password cracking package was breaking passwords that were 55 characters long! These passwords were weak (common words strung together like the xkcd advice are particularly vulnerable) but it does show there are no short-cuts in creating a good password, it has to be completely random, mixed cases with symbols and numbers and long! I would have submitted a response show, but I think that this is too important, and that you should be the one to say this.

Comment #2 posted on 2014-10-17 18:06:45 by John

Thanks, very interesting information. I appreciate you taking the time to do this, and the other podcasts you contribute. All the best, John

Comment #3 posted on 2014-10-21 19:34:45 by Kevin O'Brien

Please do a show

Cybergrue, I think you should do a show. It would be a great contribution. I have never thought that my opinions were the last word on anything, and I welcome dialog, as Ken Fallon can attest.

Comment #4 posted on 2014-10-22 06:15:53 by Ken Fallon

Very good show but 2 comments

1. The use of the word Hacker without prefixing it with malicious
2. Many systems restrict the length and type of characters that can be used

Comment #5 posted on 2014-10-22 20:42:21 by Kevin O'Brien

Yes and ...

Guilty on the first point. I should have been more precise.

On the second point, are you saying that it is _good_ to restrict length and characters in passwords? Because if so I would love to hear your reasoning. Maybe I missed something in my analysis.

Comment #6 posted on 2014-10-23 17:17:44 by pokey

Another Excellent episode

Full of Great information, and presented in an entertaining way, by a man who could (and did) keep listeners engaged while reading the phone book. Thanks for everything you do for HPR, Ahuka.

cybergrue, 1. a great point. Thank you. 2. Please do a show detailing this. You're a member of our community, so we want to hear from you as well. It doesn't have to be long, it just has to be you. TIA.

Comment #7 posted on 2014-10-24 19:36:47 by Ken Fallon


No, length restrictions are not good, nor are character restrictions. Yet it is a fact that these restrictions exist.

Comment #8 posted on 2014-10-30 11:35:35 by Mike Ray

Pasting passwords?

This is probably a stupid question about passwords. I recently had reason to believe I had been attacked by a key-stroke harvesting nasty, and it prompts the question; is it a good idea, or even is it remotely effective, to paste a password from the clipboard if it has been copied from another document? This at least gets round the key-stroke bandits, right?
