Difference between revisions 52979836 and 55024117 on enwiki

The '''NeoSmart Password Model''' is the name of an initiative started by [http://neosmart.net/ NeoSmart Technologies] to introduce [[password]]s built on a basis of complex/foreign characters in an attempt to reach a higher degree of security.

== The Traditional Password Model ==
… of 4.7 bits per letter. If upper and lower case letters are used with 10 digits, there are 62 possibilities, for an entropy per character of 5.9 bits. Adding 32 ASCII special characters to the mix gives 6.5 bits per character. NeoSmart researchers capped the base for non-ANSI Unicode characters at 700, giving 9.5 bits per symbol. A larger base of 1500 symbols would give 10.55 bits per symbol. Doubling the number of symbols increases the entropy per symbol by one bit.

== What this means for security ==

NeoSmart Technologies claims such passwords are actually "uncrackable", based on the fact that current [[password cracking]] programs do not cover the full range of Unicode characters (see their whitepaper [http://www.neosmart.net/forums/index.php?gettopic=10 The Advent of Uncrackable Passwords]). However, password cracking programs have, in the past, quickly adapted to new techniques. Once password cracking programs begin to compensate for the NeoSmart Password Model, passwords will move from being actually uncrackable with today's technology to being "virtually" uncrackable due to the immense amount of time and resources (centuries) required to crack such a password.

In general, using a wider range of possible symbols increases password security. A three-symbol random NeoSmart password would have 28 bits of entropy, the same strength as six random letters. To the extent that password cracking programs have not yet adapted to this method, the symbol-based password would be less likely to be cracked.

One problem with this method is that not all programs accept passwords in Unicode. Another problem is entering the symbols. On many operating systems, this can be done by pressing the "Alt" key and entering a code number. However, if this is done, there is no reason to restrict oneself to a subset of Unicode; any valid code could be used. One would memorize the code sequence rather than the symbol.

If symbols for new passwords are not presented randomly, there is a high likelihood users will select more familiar symbols, making the cracker's job easier.
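
The entropy figures above, and the loss when symbols are not chosen randomly, can be checked with the following added example (not from NeoSmart or the original article). The 700-symbol alphabet and the "90% of picks from 20 familiar symbols" user model are constructed assumptions.

```python
import math
import secrets
import unicodedata
from itertools import islice

def bits_per_symbol(n):
    """Entropy of one symbol drawn uniformly from n possibilities."""
    return math.log2(n)

def symbols_needed(target_bits, n):
    """Shortest uniformly random password over n symbols reaching target_bits."""
    return math.ceil(target_bits / math.log2(n))

def shannon_bits(probs):
    """Entropy per symbol when choices follow the distribution probs."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def skewed(n, familiar, mass):
    """Constructed user model: `mass` of all picks fall on `familiar` favourite
    symbols, the remainder spread evenly over the other n - familiar."""
    rest = n - familiar
    return [mass / familiar] * familiar + [(1 - mass) / rest] * rest

def build_alphabet(size=700, start=0x0100):
    """Constructed stand-in for the 700-symbol base: the first `size` Unicode
    letters from `start` upward (the article does not list the real set)."""
    letters = (chr(cp) for cp in range(start, 0x3000)
               if unicodedata.category(chr(cp)).startswith("L"))
    return list(islice(letters, size))

def random_password(alphabet, length):
    """Draw each symbol with a CSPRNG so every symbol is equally likely."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    sizes = [("a-z", 26), ("a-zA-Z0-9", 62), ("printable ASCII", 94),
             ("NeoSmart base", 700)]
    for name, n in sizes:
        print(f"{name:16} {bits_per_symbol(n):5.2f} bits/symbol, "
              f"{symbols_needed(28, n)} symbols for 28 bits")
    # Assumed habit: 90% of picks come from 20 familiar symbols out of 700.
    print(f"user-chosen: {shannon_bits(skewed(700, 20, 0.9)):.2f} bits/symbol")
    print("random 3-symbol password:", random_password(build_alphabet(), 3))
```

Under the assumed habit, each user-chosen symbol carries fewer bits than one random alphanumeric character, even though it is drawn from a 700-symbol base.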

== External Links ==
*[http://www.neosmart.net NeoSmart Technologies]
*PDF [http://www.neosmart.net/forums/index.php?gettopic=10 The Advent of Uncrackable Passwords]