Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 Apr 2016 20:00:51 +0200
From: "" <>
Subject: Password creation policies

Hello, all.

We must abandon the entire notion of a "policy", if we want a serious 
discussion about passwords.

The "password creation policy" concept is deeply MISLEADING. It confuses 
all our objectives and analytical tools with marketing and coercion.

We were talking (if only we can call it "talking") on twitter about 
defining and measuring password strength. Soon the discussion slipped 
into the "policy" discourse. Words fail me! -- how irrelevant your 
futile attempts to influence people are to the problem of password 
creation STRATEGY.

the attacker's and defender's strategies should be the subject.

[two paragraphs of swearing are skipped]

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.