Date: Sat, 3 Sep 2016 18:00:03 -0500
From: "Denny O'Breham" <obreham@...il.com>
To: passwords@...ts.openwall.com
Subject: Re: Authentication process

'Complexity' refers to the rules that are required for passwords, such as minimum length, lower & upper case, digits and special characters. More and more passwords have to pass a 'strength' test before being accepted (e.g. a blacklist), and if you look at the video in my previous email, some want to forbid certain patterns.

With 'trusted' I refer to the fact that no matter how you restrict the passwords that are allowed, people will always find some sort of pattern to help memorize them. Even if you ban the most popular patterns of today, it seems that we think so much alike that we will all choose the exact same next pattern available ... until it is banned as well. People who crack those passwords will then just follow the trend.

Thus my comment, "user-defined passwords could never be trusted", and only truly random passwords should be used, such that a pure brute force attack is the only solution for guessing a password. But they are not user-friendly, especially ones with enough entropy to withstand the brute force attacks of powerful machines.

On Sat, Sep 3, 2016 at 4:53 PM, e@...tmx.net <e@...tmx.net> wrote:

>> Your Password Complexity Requirements are Worthless -
>
> what is "password complexity"
>
>> I came to the conclusion that user-defined passwords could never be
>> trusted.
>
> what do you mean "trusted"