Not so much, actually, as long as you control what you mean by entropy. http://xkcd.com/936/ :)
See the response here by Akton: http://programmers.stackexchange.com/questions/167235/how-can-i-estimate-the-entropy-of-a-password -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: Friday, February 8, 2013 12:41 PM To: NT System Admin Issues Subject: Re: Passsword Meter On Fri, Feb 8, 2013 at 11:54 AM, Shauna Hensala <[email protected]> wrote: > Try this one from Steve Gibson's site: > https://www.grc.com/haystack.htm That one simply deduces the character set and computes permutations, which is not a terribly good measure of password strength. The original one (http://www.passwordmeter.com/) also checks for certain patterns, but it doesn't use a dictionary, which means it's also not a terribly good measure of password strength. In particular, it rates "Passw0rd!" at 70%. Ideally, password meters should measure entropy, but that's hard to deduce. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
