Date: Fri, 8 Apr 2016 00:10:14 +0200 From: "e@...tmx.net" <e@...tmx.net> To: passwords@...ts.openwall.com Subject: Section 3.4 of "A Canonical Password Strength Measure" This section has created most of the buzz. It is not the main point of the article, it is merely an example application. ...in the following sense: you had a feeling that a really long password (such a valid English sentence) would do the job -- i understand this sentiment, but without a clearly defined password strength measure we can not argue about it at all -- with the proposed measure you can actually claim that the strength of a passphrase is guaranteed to be higher than the mainstream "strong" passwords recommended by popular creation policies. or you can show me that this statement is wrong. either way it gives you some idea how to use the metric. of course, i believe that passphrases are strong and unbelievably convenient, but i admit i did not supply enough evidence for that in the present paper (because the focus of the paper is elsewhere). P.S. I am now trying to design a huge password memorability experiment involving all my ideas vs popular policies.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.