To add to this excellent xkcd comic, the following site also exists: Password Haystacks.

or

## dudewhatdoesmytattoosay

(Click to find out, I’ll wait).

Pretty sweet indeed. What a difference.

Anyways, the reason I’m linking this stuff is that this would make a great lesson in exponents. The first password uses far more letters and symbols, so it has a large base, but since the power is only 6 there aren’t as many permutations to try. The second password’s power of 23 fully compensates for the smaller base of letters to check.

The buy-in for this type of problem is that I’d bet that most students would pick T@+t0O as the stronger password. It’s a fun day in math class when you can fight (false) intuition.
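The exponent comparison above, worked through as an added example (not code from the original post or from Password Haystacks). It assumes the 95 printable ASCII characters split into classes of 26, 26, 10 and 33, counts only candidates of the exact length, and models a dice-picked phrase as words from a 6^5-entry list, the five-dice indexing described in the comments below; all function names are illustrative.

```python
import math
import string

# Assumption: printable ASCII, with the space counted among the symbols (33).
CLASSES = [
    set(string.ascii_lowercase),     # 26
    set(string.ascii_uppercase),     # 26
    set(string.digits),              # 10
    set(string.punctuation + " "),   # 33
]

def alphabet_size(password):
    """Base of the exponent: combined size of every class the password draws on."""
    if not password or any(all(c not in cls for cls in CLASSES) for c in password):
        raise ValueError("expected a non-empty printable-ASCII password")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def search_space(password):
    """Candidates of exactly this length: base ** length."""
    return alphabet_size(password) ** len(password)

def min_length_to_match(small_base, big_base, big_length):
    """Shortest n with small_base ** n >= big_base ** big_length (exact integers)."""
    target, n = big_base ** big_length, 0
    while small_base ** n < target:
        n += 1
    return n

def dice_phrase_space(words, dice_per_word=5):
    """Candidates for a phrase whose words are each picked by rolling dice."""
    return (6 ** dice_per_word) ** words

if __name__ == "__main__":
    # The two passwords compared in the post.
    for pw in ("T@+t0O", "dudewhatdoesmytattoosay"):
        space = search_space(pw)
        print(f"{pw}: {alphabet_size(pw)}^{len(pw)} = {space:.3e} "
              f"(about {math.log2(space):.1f} bits)")
    # Length at which lowercase-only overtakes six characters from all 95.
    print("lowercase length needed:", min_length_to_match(26, 95, 6))
    # Hypothetical: a guesser who tries whole words from a 7776-word list.
    print(f"six dice-picked words: {dice_phrase_space(6):.3e}")
```

The word-level figure is the one that applies when a guesser works from a word list instead of letter by letter; it is smaller than 26^23 but still far larger than 95^6.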

## 5 thoughts on “Password Strength”

1. Really strong work, Dan. I’d had that xkcd comic on my desk for a while but I couldn’t find the hook so I moved on. “Which is the better password?” has the kind of concision, perplexity, and guesswork I prize in the first act and, like you point out, the answer isn’t a little counter-intuitive.

2. josh g. says:

Nice. It’s also worth having this URL in your back pocket if discussion continues along the lines of “but what if everyone did this?”

http://www.diceware.com

Contains a couple of different lists of common words indexed by five-digit numbers with digits from 1-6, such that you can roll some dice to generate a memorable, incredibly secure password. It also explains why this method is secure even if someone knows you used that site to create the password (as long as you use at least 4-5 words in total).

1. Some hilarious tips on the diceware website:

Some Tips
For maximum security make sure you are alone and close the curtains. Write on a hard surface – not on a pad of paper. After you memorize your passphrase, burn your notes, pulverize the ashes and flush them down the toilet.