I believe the NSA came up with a value of 0.6 eventually, but agree that it's sound advice.
a -----Original Message----- From: Ben Scott [mailto:[email protected]] Sent: 11 August 2011 02:07 To: NT System Admin Issues Subject: Re: Almost, but not quite OT: Passwords On Wed, Aug 10, 2011 at 5:33 PM, Crawford, Scott <[email protected]> wrote: > Interesting. I'd like to understand how the bits of entropy are calculated though. As a rule of thumb, English has about one bit of entropy per character. (It's more complicated than that, of course, and figures and formulas vary, but it's each to remember that "1 char == 1 bit".) This is because English (like most/all human languages) has a lot of redundancy, rules, patterns, etc. An 8 character truly random password is hugely different than an 8 character English word. So, a 16 character pure English language password is roughly equivalent to a 16 bit key private key. The deliberately broken crypto used in "US export approved" software in the 1990s, generally considered to be worthless, still had a 40 bit keyspace. Kind of puts things in perspective. Again as a rule of thumb, it's more useful to have a long password than a complicated one. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ************************************************************************************ WARNING: The information in this email and any attachments is confidential and may be legally privileged. If you are not the named addressee, you must not use, copy or disclose this email (including any attachments) or the information in it save to the named addressee nor take any action in reliance on it. If you receive this email or any attachments in error, please notify the sender immediately and then delete the same and any copies. "CLS Services Ltd × Registered in England No 4132704 × Registered Office: Exchange Tower × One Harbour Exchange Square × London E14 9GE" ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
