On Wed, Aug 10, 2011 at 5:33 PM, Crawford, Scott <[email protected]> wrote:
> Interesting. I’d like to understand how the bits of entropy are calculated 
> though.

  As a rule of thumb, English has about one bit of entropy per
character.  (It's more complicated than that, of course, and figures
and formulas vary, but it's easy to remember that "1 char == 1 bit".)
This is because English (like most/all human languages) has a lot of
redundancy, rules, patterns, etc.  An 8 character truly random
password is hugely different than an 8 character English word.

  So, a 16 character pure English language password is roughly
equivalent to a 16 bit private key.  The deliberately broken
crypto used in "US export approved" software in the 1990s, generally
considered to be worthless, still had a 40 bit keyspace.  Kind of puts
things in perspective.

  Again as a rule of thumb, it's more useful to have a long password
than a complicated one.

-- Ben
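
An added example, not part of the original message: it estimates bits per character from a short constructed English sample, with and without one character of context, to show how redundancy pulls the figure below that of a uniformly random string. The sample text, the function names and the 94-symbol printable-ASCII alphabet are assumptions, and estimates from so small a sample are illustrative rather than a measurement of English.

```python
import math
from collections import Counter

# Constructed sample of English prose (lowercase letters and spaces only).
SAMPLE = (
    "as a rule of thumb it is more useful to have a long password than a "
    "complicated one because english has a lot of redundancy rules and "
    "patterns so each extra character adds far less uncertainty than a "
    "truly random character would add to the same password"
)

def entropy(counts):
    """Shannon entropy, in bits, of a frequency table."""
    total = sum(counts.values())
    return -sum(n / total * math.log2(n / total) for n in counts.values())

def per_char_bits(text):
    """Return (no-context, one-character-context) estimates in bits/char."""
    pairs = list(zip(text, text[1:]))
    h_next = entropy(Counter(b for _, b in pairs))   # H(next)
    h_prev = entropy(Counter(a for a, _ in pairs))   # H(prev)
    h_joint = entropy(Counter(pairs))                # H(prev, next)
    return h_next, h_joint - h_prev                  # H(next | prev)

def random_password_bits(length, alphabet_size):
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def english_chars_to_match(bits, bits_per_char=1.0):
    """Characters of English needed to reach `bits` at the rule-of-thumb rate."""
    return math.ceil(bits / bits_per_char)

if __name__ == "__main__":
    h0, h1 = per_char_bits(SAMPLE)
    print(f"uniform over 27 symbols : {math.log2(27):.2f} bits/char")
    print(f"letter frequencies only : {h0:.2f} bits/char")
    print(f"given previous character: {h1:.2f} bits/char")
    rnd = random_password_bits(8, 94)  # assumed alphabet: 94 printable ASCII
    print(f"8 random printable chars: {rnd:.1f} bits")
    print(f"English chars to match  : {english_chars_to_match(rnd)}")
```
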
