Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Passphrase
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Compared to passwords== Passphrases differ from passwords. A [[password]] is usually short—six to ten characters. Such passwords may be adequate for various applications if frequently changed, chosen using an appropriate policy, not found in dictionaries, sufficiently random, and/or if the system prevents online guessing, etc.{{Citation needed|date=January 2024}}, such as: * Logging onto computer systems * Negotiating keys in an interactive setting such as using [[password-authenticated key agreement]] * Enabling a smart-card or PIN for an [[ATM card]] where the password data (hopefully) cannot be extracted But passwords are typically not safe to use as keys for standalone security systems such as encryption systems that expose data to enable offline password guessing by an attacker.<ref>{{Cite news|last=Urbina|first=Ian|date=November 19, 2014|title=The Secret Life of Passwords|work=The New York Times Magazine|url=https://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html}}</ref> Passphrases are theoretically stronger, and so should make a better choice in these cases. First, they usually are and always should be much longer—20 to 30 characters or more is typical—making some kinds of brute force attacks entirely impractical. Second, if well chosen, they will not be found in any phrase or quote dictionary, so such dictionary attacks will be almost impossible. Third, they can be structured to be more easily memorable than passwords without being written down, reducing the risk of hardcopy theft. However, if a passphrase is not protected appropriately by the authenticator and the clear-text passphrase is revealed its use is no better than other passwords. For this reason it is recommended that passphrases not be reused across different or unique sites and services. In 2012, two Cambridge University researchers analyzed passphrases from the [[Amazon PayPhrase]] system and found that a significant percentage are easy to guess due to common cultural references such as movie names and sports teams, losing much of the potential of using long passwords.<ref>{{cite web|last1=Godwin|first1=Dan |date=March 14, 2012 |title=Passphrases only marginally more secure than passwords because of poor choices |url=https://arstechnica.com/business/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices/|access-date=9 December 2014}}</ref> When used in cryptography, commonly the passphrase protects a long machine generated [[key (cryptography)|key]], and the key protects the data. The key is so long a brute force attack directly on the data is impossible. A [[key derivation function]] is used, involving many thousands of iterations ([[Salt (cryptography)|salted]] & hashed), to slow down [[password cracking]] attacks.
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
Passphrase
(section)
Add topic
