Date: Sun, 4 Sep 2016 05:51:20 +0200
From: "" <>
Subject: Re: Authentication process

On 09/04/2016 05:39 AM, Denny O'Breham wrote:
> /«what do you mean "strength"?»/
> Refusing certain passwords judged too weak

so "strength" is also equal to "password policy"
so "strength" == "complexity" == "password policy"

what is the reason for breeding so many synonymous terms?

> /«are you fighting against memorability?»/
> Not fighting it.  Just saying that memorability = pattern = lack of
> randomness.

outright baseless nonsense.

> A user-defined password will always lead to this.


> /«why do you concentrate on brute force guessing?
> do you discard all intelligently designed dictionaries?
> why?»/
> User-defined passwords could never be trusted

ok, as i have already established "trusted"=="accepted"
you say:

since user defined passwords should be rejected
we should not assume that the attacker has a carefully crafted dictionary.

do you really think it is a legitimate line of reasoning?

> /«_ONES_ have entropy of exactly ZERO.»/
> By 'ones' I was referring to 'truly random passwords'.

yes, they all have entropy == 0

> I'm not sure about the definition of password entropy you are referring
> to, but you can find mine on Wikipedia

sorry, the word "entropy" was claimed long before you
(in 1946 as far as i remember),
please invent your own word if you are to redefine something.
