Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Secure Password Policy?

From: "Marek Isalski" <Marek.Isalski () smuht nwest nhs uk>
Date: Fri, 20 Jan 2006 08:24:24 +0000
Next step is to determine how many bits of entropy (B) are in each
character and the length of the password can be calculated:

 L = log(S)/B


For secure passphrases, using things like www.diceware.com might be a consideration.  It does away with per-letter 
entropy calculations and lets you securely build a passphrase with an almost precisely known entropy.

Regards,

Marek


-------------------------------------------------------------
This message has been scanned for all viruses by Sophos Sweep
<<<<GWAVAsig>>>>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: