01-25-2013, 03:52 AM
(01-11-2013, 02:07 PM)atom Wrote: This topic seems to be really important for you.
Respectfully, it is pretty important for WPA work. Things like Diceware have been around for a long time but people are starting to realize that there is a certain measure of security to be gained simply by bigger-is-better. And with WPA/WPA2 already forcing you to use at least eight, even the most security-blind users are already past the half way point on password length limitations.
A paper from Carnegie Mellon was released recently on the trend towards long passwords. Hashcat gets mention in the paper:
Effect of Grammar on Security of Long Passwords
Although they don't mention (unless I missed it) that Hashcat has a length limitation, a number of their tests start at 16 character-length passwords and go up. The paper is not focused on WPA but they've done some interesting research into how people choose passphrases and reinforces the idea that password length is important. Worth a read.