[talk] passwd entropy and strength

Eitan Adler lists at eitanadler.com
Sun Nov 5 14:19:16 EST 2017


On 5 November 2017 at 11:06, Brian Callahan <bcallah at devio.us> wrote:
>
>
> On 11/05/17 14:04, Jan Schaumann wrote:
>>
>> George Rosamond <george at ceetonetechnology.com> wrote:
>>
>>>
>>> So someone getting some of the passwd really just needs a "Wheel of
>>> Fortune" approach to determining a passwd in full.
>>>
>>> co__ect ho_se batte_y staple
>>>
>>> "Can I buy an 'r'?"
>>
>> It is rather rare that an attacker would have a partial password.
>

Y'all may be interested in NIST Special Publication 800-63-2 which
attempts to define entropy for human generated passwords.





-- 
Eitan Adler




More information about the talk mailing list