Date: Sun, 4 Sep 2016 05:51:20 +0200 From: "e@...tmx.net" <e@...tmx.net> To: passwords@...ts.openwall.com Subject: Re: Authentication process On 09/04/2016 05:39 AM, Denny O'Breham wrote: > /«what do you mean "strength"?»/ > > Refusing certain passwords judged too weak so "strength" is also equal to "password policy" so "strength" == "complexity" == "password policy" what is a reason of breeding so many synonymous terms? > /«are you fighting against memorability?»/ > > Not fighting it. Just saying that memorability = pattern = lack of > randomness. outright baseless nonsense. > A user-defined password will always lead to this. non-sequitur. > /«why do you concentrate on brute force guessing?/ > /do you discard all intelligently designed dictionaries? > / > /why?»/ > > User-defined passwords could never be trusted ok, as i have already established "trusted"=="accepted" you say: since user defined passwords should be rejected therefore we should not assume that the attacker has a carefully crafted dictionary. do you really think it is a legitimate line of reasoning? > /«_ONES_ have entropy of exactly ZERO.//»/ > > By 'ones' I was referring to 'truly random passwords'. yes, they all have entropuy == 0 > I'm not sure about the definition of password entropy you are referring > to, but you can find mine on Wikipedia sorry, the word "entropy" was claimed long before you (in 1946 as far as i remember), please invent your own word if you are to redefine something.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ