Date: Sun, 4 Sep 2016 03:09:08 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: Authentication process

> 'Complexity' is the rules that are required for passwords such as
> minimum length, lower & upper cases, digits and special characters.

so "complexity" == "password policy"
noted.

> More and more passwords have to pass a 'strength' test before being
> accepted (ex.: blacklist)

what do you mean "strength"?

> With 'trusted' I refer to the fact that no matter how you will restrict
> the password that are allowed, people will always find some sort of
> pattern to help memorizing it.

are you fighting against memorability?

> it seems that we think so much alike that we will all
> choose the exact same next pattern available

sounds plausible, Matt Weir made this point very clear with tangible data.

> Thus my comment, "user-defined passwords could never be trusted" and
> only truly random passwords should be used,

non-sequitur.

> But there are not
> user-friendly, especially ones with enough entropy

_ONES_ have entropy of exactly ZERO. by the definition of entropy.
(look it up, by the way)
ANY password has zero entropy.

also worth noticing that you have destroyed any appeal to entropy (just
a few lines above, without my help) by showing how a password creation
procedure is UNRELATED to a password guessing procedure.

> brute force attacks of powerful machines.

why do you concentrate on brute force guessing?
do you discard all intelligently designed dictionaries? why?

P.S.
i understand by "trust" you mean "accept"
am i right?

PS/2
somebody impolitely and arrogantly claimed that EVERYBODY on the list is
well informed about irrelevance of the entropy to the password guessing
problem. care to take your words and insults back?