Educause Security Discussion mailing list archives

Re: Password entropy

From: Jimmy Kuo <cjkuo () VERIZON NET>
Date: Mon, 24 Jul 2006 11:35:12 -0700

Lately, I've been touting keyboard patterns.

In the face of this discussion on password entropy, I note that keyboard
patterns are NOT that secure IF you devise a cracker that understands
entropy in terms of keyboard patterns.

So the question would be, 1) do the password crackers understand keyboard
patterns?  2) If they do, doesn't that throw a couple bits into the entropy
of a standard phrase since you can't just rely on the rules of English any
more?

Thanks.

Jimmy

PS.  If anyone can point me to papers that have already been written about
the pros and cons of keyboard patterns, I'd appreciate it.

Current thread:

Re: Password entropy, (continued)
- Re: Password entropy Valdis Kletnieks (Jul 23)
- Re: Password entropy Harold Winshel (Jul 24)
- Re: Password entropy Robert Kerr (Jul 24)
- Re: Password entropy Graham Toal (Jul 24)
- Re: Password entropy Roger Safian (Jul 24)
- Re: Password entropy Graham Toal (Jul 24)
- Re: Password entropy Valdis Kletnieks (Jul 24)
- Re: Password entropy Basgen, Brian (Jul 24)
- Re: Password entropy Roger Safian (Jul 24)
- Re: Password entropy Harold Winshel (Jul 24)
- Re: Password entropy Jimmy Kuo (Jul 24)
- Re: Password entropy Valdis Kletnieks (Jul 24)
- Re: Password entropy Roger Safian (Jul 25)
- Re: Password entropy Basgen, Brian (Jul 25)
- Re: Password entropy Alan Amesbury (Jul 25)
- Re: Password entropy Valdis Kletnieks (Jul 25)