Educause Security Discussion mailing list archives
Re: Password entropy
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 20 Jul 2006 11:53:46 -0400
On Thu, 20 Jul 2006 10:01:13 CDT, Graham Toal said:
to within a few minutes! I think FIPS 181 uses your previous password as a seed, which has to be pretty dubious!)
Well, unless the previous password has been compromised, it's a reasonably valid source for at least a *few* entropy bits. Of course, if it has been compromised, it adds zero bits of entropy. Of course, knowing how users usually pick passwords, you can probably get more entropy from the timing jitter as they type the old password, than from the password itself. :)
Attachment:
_bin
Description:
Current thread:
- Re: Password entropy, (continued)
- Re: Password entropy Valdis Kletnieks (Jul 19)
- Re: Password entropy Dave Koontz (Jul 19)
- Re: Password entropy Basgen, Brian (Jul 19)
- Re: Password entropy Basgen, Brian (Jul 19)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Graham Toal (Jul 20)
- Re: Password entropy Valdis Kletnieks (Jul 20)
- Re: Password entropy Basgen, Brian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Basgen, Brian (Jul 20)
- Re: Password entropy Harold Winshel (Jul 20)
- Re: Password entropy Harold Winshel (Jul 20)
- Re: Password entropy Graham Toal (Jul 21)
- Re: Password entropy Roger Safian (Jul 21)
- Re: Password entropy Valdis Kletnieks (Jul 23)
- Re: Password entropy Roger Safian (Jul 23)
- Re: Password entropy Roger Safian (Jul 23)
(Thread continues...)