On Fri, Nov 25, 2011 at 01:30:05PM +0100, Stein Magnus Jodal wrote:
> On Fri, Nov 25, 2011 at 12:16, Lukas Fleischer <archlinux@cryptocrack.de> wrote:
> > Out of curiosity - why would you need a password with more than 32 characters? If you use a password manager and create random passwords anyway, there's no need to create such long passwords. Assuming that your password contains lower-case and upper-case letters, as well as numbers, you won't gain any extra security when using passwords longer than ~22 characters (it'll be easier to brute-force an MD5 collision than finding the correct password in this case). Even if we used SHA-1, passwords with a length of 27 characters would already give you the maximum amount of security possible.
>
> I use the pwsafe password manager, which defaults to passwords with 160 bits of entropy, which usually means 32 chars with special chars or 39 chars with just numbers and letters in lower and upper case. I agree that there's no need for having passwords of this length, but password managers with longer default lengths than 32 chars do exist, and it's really no reason for stopping people from using long passwords. Having maxlength on a password field only suggests that the password is stored in plain text.

Identifying 160 bits of entropy with 32 chars is weird... Even if we only use alphabetic characters and digits, ceil(log(2 ^ 160) / log(2 * 26 + 10)) = 27 characters should be sufficient...

> > You should try to configure your MUA not to break long lines when sending patches... The best alternative is to use `git send-email` :)
>
> Sorry, I'm usually using GitHub for all git cooperation, and Gmail is really suboptimal for sending patches :-)

You can add a link to your GitHub repository next time you send a patch so that I can pull and don't have to go through the pain of fixing the patch before feeding it to git-am(1).

> -- Stein Magnus Jodal