Date: Sat, 9 Jul 2016 14:25:40 -0400 From: Scott Arciszewski <scott@...agonie.com> To: passwords@...ts.openwall.com Subject: Re: Don't Scratch Your Entropy I prefer "misinformed". It depends on their character though. Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises <https://paragonie.com> On Sat, Jul 9, 2016 at 2:17 PM, e@...tmx.net <e@...tmx.net> wrote: > On 07/09/2016 08:09 PM, Scott Arciszewski wrote: > >> Entropy must describe the password pool your password exists >> in, not the password itself. >> > > not "must" > it DOES. > > now make the next step: > entropy is completely irrelevant because the attacker will use ANOTHER > POOL -- he is not obliged to use the same pool the defender used. > (and this is the principal source of the "BIG SURPRISE" on the "experts" > part) > > (b) every "security expert" pronouncing "entropy", without defining >>> >> the distribution or at very least the pool of candidate passwords, is a >> brain dead buffoon. >> >> That's a bit harsh. >> > > how do you call a pompous imbecile who pronounces words without knowing > their meaning a little bit? > > Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.