Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Passphrase
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Compared to passwords== Passphrases differ from passwords. A [[password]] is usually short—six to ten characters. Such passwords may be adequate for various applications if frequently changed, chosen using an appropriate policy, not found in dictionaries, sufficiently random, and/or if the system prevents online guessing, etc.{{Citation needed|date=January 2024}}, such as: * Logging onto computer systems * Negotiating keys in an interactive setting such as using [[password-authenticated key agreement]] * Enabling a smart-card or PIN for an [[ATM card]] where the password data (hopefully) cannot be extracted But passwords are typically not safe to use as keys for standalone security systems such as encryption systems that expose data to enable offline password guessing by an attacker.<ref>{{Cite news|last=Urbina|first=Ian|date=November 19, 2014|title=The Secret Life of Passwords|work=The New York Times Magazine|url=https://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html}}</ref> Passphrases are theoretically stronger, and so should make a better choice in these cases. First, they usually are and always should be much longer—20 to 30 characters or more is typical—making some kinds of brute force attacks entirely impractical. Second, if well chosen, they will not be found in any phrase or quote dictionary, so such dictionary attacks will be almost impossible. Third, they can be structured to be more easily memorable than passwords without being written down, reducing the risk of hardcopy theft. However, if a passphrase is not protected appropriately by the authenticator and the clear-text passphrase is revealed its use is no better than other passwords. For this reason it is recommended that passphrases not be reused across different or unique sites and services. In 2012, two Cambridge University researchers analyzed passphrases from the [[Amazon PayPhrase]] system and found that a significant percentage are easy to guess due to common cultural references such as movie names and sports teams, losing much of the potential of using long passwords.<ref>{{cite web|last1=Godwin|first1=Dan |date=March 14, 2012 |title=Passphrases only marginally more secure than passwords because of poor choices |url=https://arstechnica.com/business/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices/|access-date=9 December 2014}}</ref> When used in cryptography, commonly the passphrase protects a long machine generated [[key (cryptography)|key]], and the key protects the data. The key is so long a brute force attack directly on the data is impossible. A [[key derivation function]] is used, involving many thousands of iterations ([[Salt (cryptography)|salted]] & hashed), to slow down [[password cracking]] attacks.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)