[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 9 Jul 2016 14:25:40 -0400
From: Scott Arciszewski <scott@...agonie.com>
To: passwords@...ts.openwall.com
Subject: Re: Don't Scratch Your Entropy
I prefer "misinformed". It depends on their character though.
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>
On Sat, Jul 9, 2016 at 2:17 PM, e@...tmx.net <e@...tmx.net> wrote:
> On 07/09/2016 08:09 PM, Scott Arciszewski wrote:
>
>> Entropy must describe the password pool your password exists
>> in, not the password itself.
>>
>
> not "must"
> it DOES.
>
> now make the next step:
> entropy is completely irrelevant because the attacker will use ANOTHER
> POOL -- he is not obliged to use the same pool the defender used.
> (and this is the principal source of the "BIG SURPRISE" on the "experts"
> part)
>
> (b) every "security expert" pronouncing "entropy", without defining
>>>
>> the distribution or at very least the pool of candidate passwords, is a
>> brain dead buffoon.
>>
>> That's a bit harsh.
>>
>
> how do you call a pompous imbecile who pronounces words without knowing
> their meaning a little bit?
>
>
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
