Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 24 Aug 2016 16:29:52 +0200
From: Per Thorsheim <per@...rsheim.net>
To: passwords@...ts.openwall.com
Subject: Re: GMOs And Passwords

Den 24.08.2016 16.22, skrev Jeffrey Goldberg:
> On 2016-08-24, at 1:14 AM, e@...tmx.net wrote:
> 
> [long analogy snipped]
> 
>> I know you are wondering what all this nonsense has to do with
>> passwords. Well, this is all about the information entropy, which
>> you do happily assign to your passwords without even a glimpse of
>> doubt: IS IT REALLY A QUALITY OF A PASSWORD??? CAN I CREATE A
>> CHARACTERISTIC RELATION THAT MAPS PASSWORDS ON REAL NUMBERS AND IS
>> A FUNCTION???
> 
> You do realize that you are preaching to the choir here? Everyone (or
> almost everyone) on this list is fully aware that the strength of a
> password is not a function of the password itself.
> 
> This, however, does not mean that password strength meters are
> useless. Even dumb strength meters can encourage people to improve
> passwords. And some password strength meters are less bad than
> others.

As scientifically shown in papers examining use of, and gamification of
password strength meters. Although, if I remember correctly, the account
in question must represent some value to the user in order for them to
care about password strength. If it is just a throwaway account ("for
testing purposes only" as an example), 123456 is still sufficient enough
right there and then.

.per

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ