Date: Sun, 4 Sep 2016 05:51:20 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: Authentication process

On 09/04/2016 05:39 AM, Denny O'Breham wrote:
> /«what do you mean "strength"?»/
>
> Refusing certain passwords judged too weak


so "strength" is also equal to "password policy"
so "strength" == "complexity" == "password policy"

what is the reason for breeding so many synonymous terms?


> /«are you fighting against memorability?»/
>
> Not fighting it.  Just saying that memorability = pattern = lack of
> randomness.

outright baseless nonsense.

> A user-defined password will always lead to this.

non-sequitur.


> /«why do you concentrate on brute force guessing?/
> /do you discard all intelligently designed dictionaries?/
> /why?»/
>
> User-defined passwords could never be trusted

ok, as i have already established "trusted"=="accepted"
you say:

since user defined passwords should be rejected
therefore
we should not assume that the attacker has a carefully crafted dictionary.

do you really think it is a legitimate line of reasoning?


> /«_ONES_ have entropy of exactly ZERO.»/
>
> By 'ones' I was referring to 'truly random passwords'.

yes, they all have entropy == 0



> I'm not sure about the definition of password entropy you are referring
> to, but you can find mine on Wikipedia

sorry, the word "entropy" was claimed long before you
(in 1946 as far as i remember),
please invent your own word if you are to redefine something.


