Educause Security Discussion mailing list archives
Re: Password entropy
From: Graham Toal <gtoal () UTPA EDU>
Date: Thu, 20 Jul 2006 10:01:13 -0500
Which is a better password?
abcdefghijklmnopqrstuvwxyz
1angtPalftm

The second one is better by far. Cracking time is a function of entropy, the more basic the pattern, the less entropy. The first 'password' you show has a very simple pattern.

Has anyone mentioned NIST FIPS 181 yet? I don't personally think it's all that great, but I suspect it does wonders for complaints from the auditors...

(talking of entropy, you need a good entropy generator for a random password generator. I've seen so many obfuscated sources which boiled down in the end to either a 16 bit PRNG seed, or using a clock() value that could be guessed to within a few minutes! I think FIPS 181 uses your previous password as a seed, which has to be pretty dubious!)

G

http://www.itl.nist.gov/fipspubs/fip181.htm
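
An added illustration of the seeding point raised in the message above (not code from the post or from FIPS 181): a generated password carries no more entropy than the seed that produced it, whatever its length and alphabet suggest. The generator, alphabet, length and the timestamp used for the clock case are assumptions constructed for this example.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols (assumed policy)
LENGTH = 12                                      # assumed password length
CONSTRUCTED_TIME = 1153407673                    # constructed Unix timestamp


def seeded_password(seed: int) -> str:
    """Weak pattern: the whole password is a deterministic function of the seed."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_password() -> str:
    """Same alphabet and length, each symbol drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def nominal_bits() -> float:
    """Entropy the password appears to have, judged by length and alphabet."""
    return LENGTH * math.log2(len(ALPHABET))


def effective_bits(seeds) -> float:
    """Entropy actually available: log2 of the distinct passwords reachable."""
    distinct = {seeded_password(s) for s in seeds}
    return math.log2(len(distinct))


def sixteen_bit_seed_bits() -> float:
    """Case 1 from the message: a 16-bit PRNG seed."""
    return effective_bits(range(1 << 16))


def clock_seed_bits(window_seconds: int = 600) -> float:
    """Case 2: a clock value known to within a few minutes (here +/- 5 min)."""
    half = window_seconds // 2
    return effective_bits(range(CONSTRUCTED_TIME - half, CONSTRUCTED_TIME + half))


if __name__ == "__main__":
    print(f"nominal (12 chars, 62 symbols): {nominal_bits():5.1f} bits")
    print(f"16-bit seed:                    {sixteen_bit_seed_bits():5.1f} bits")
    print(f"clock seed, 10-minute window:   {clock_seed_bits():5.1f} bits")
    print("CSPRNG sample:", strong_password())
```
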