Message-Id: <003F93A6-69BB-44C1-B587-6229284A2CD3@patpro.net>
Date: Sat, 9 Apr 2016 12:23:05 +0200
From: Patrick Proniewski <patpro@...pro.net>
To: passwords@...ts.openwall.com
Subject: Re: Passphrases: syntax vs entropy

On 09 Apr. 2016, at 10:36, e@...tmx.net wrote:

>> I trust you on the math here, but I'm skeptical about your hypothesis.
>> You take into account the full Oxford English Dictionary,
>> [but] a "real" dictionary is probably 3000 to 10000 words long.
>>
>> You state that W^8/7294 [...] is significantly greater than W^7,
>> but that's true only for W > 7294.
>> For most users, W might be lower than 7294
>
> You forgot the premise. We are not talking about protecting every individual user, we are talking about the properties of the passwords!
>
> The question is: does this password creation scheme provide sufficient protection? Yes it does.

Ok. I'm almost always thinking as the attacker, being myself a "hobbyist" user of JtR. It helps a lot when I need to teach a user about what is a bad/poor password choice. This bias does not help much when I come across a work like yours.

Thanks for the explanations.

patpro