Date: Wed, 24 Aug 2016 16:29:52 +0200 From: Per Thorsheim <per@...rsheim.net> To: passwords@...ts.openwall.com Subject: Re: GMOs And Passwords Den 24.08.2016 16.22, skrev Jeffrey Goldberg: > On 2016-08-24, at 1:14 AM, e@...tmx.net wrote: > > [long analogy snipped] > >> I know you are wondering what all this nonsense has to do with >> passwords. Well, this is all about the information entropy, which >> you do happily assign to your passwords without even a glimpse of >> doubt: IS IT REALLY A QUALITY OF A PASSWORD??? CAN I CREATE A >> CHARACTERISTIC RELATION THAT MAPS PASSWORDS ON REAL NUMBERS AND IS >> A FUNCTION??? > > You do realize that you are preaching to the choir here? Everyone (or > almost everyone) on this list is fully aware that the strength of a > password is not a function of the password itself. > > This, however, does not mean that password strength meters are > useless. Even dumb strength meters can encourage people to improve > passwords. And some password strength meters are less bad than > others. As scientifically shown in papers examining use of, and gamification of password strength meters. Although, if I remember correctly, the account in question must represent some value to the user in order for them to care about password strength. If it is just a throwaway account ("for testing purposes only" as an example), 123456 is still sufficient enough right there and then. .per
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.