On Wed, 25 Jul 2007 08:29:10 +0200, Ertugrul Soeylemez wrote:

> Among passwords, which are trivial anyway, it's probably common, like
> "byebye", "johnnyjohn" or "boy boy boy". You will agree that serious
> passwords generally don't use repetition. Even if they do, the patterns
> aren't quite as obvious.

> Ari <arisilverstein@yahoo.com> (07-07-20 18:19:19):
>
>> Would you consider either of these serious passwords?
>>
>> 6:Q?-jiF6:Q?-jiF
>> 6:Q?-jiFFij-?Q:6
>
> Not really. Probably they are impractical to break for a random
> attacker, but it's still safer to use a completely random string without
> repetition. Then it also doesn't have to be so long.
>
> Regards,
> Ertugrul Söylemez.

I suppose this is the crux of my argument. On the order of practicality,
it is best to have the shortest possible password (easiest to remember).
You will need to have several (all eggs in one basket = no good). so the
shorter the better.

Unless the examples above, again rearranged so to be easily remembered
are, or combined into 32 character passwords...

Where is the point of best safety? One must assume a powerful adversary
to find that point. Or do we ever really know?