Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKws9z1TxgV6SzBOL-CQTkkWHP7ozx+UpX1uJ8Eo_txAeX+e6A@mail.gmail.com>
Date: Sat, 9 Jul 2016 14:25:40 -0400
From: Scott Arciszewski <scott@...agonie.com>
To: passwords@...ts.openwall.com
Subject: Re: Don't Scratch Your Entropy

I prefer "misinformed". It depends on their character though.



Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

On Sat, Jul 9, 2016 at 2:17 PM, e@...tmx.net <e@...tmx.net> wrote:

> On 07/09/2016 08:09 PM, Scott Arciszewski wrote:
>
>> Entropy must describe the password pool your password exists
>> in, not the password itself.
>>
>
> not "must"
> it DOES.
>
> now make the next step:
> entropy is completely irrelevant because the attacker will use ANOTHER
> POOL -- he is not obliged to use the same pool the defender used.
> (and this is the principal source of the "BIG SURPRISE" on the "experts"
> part)
>
> (b) every "security expert" pronouncing "entropy", without defining
>>>
>> the distribution or at very least the pool of candidate passwords, is a
>> brain dead buffoon.
>>
>> That's a bit harsh.
>>
>
> how do you call a pompous imbecile who pronounces words without knowing
> their meaning a little bit?
>
>

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.