Phil Stracchino:
> On 2/13/23 13:30, Viktor Dukhovni wrote:
> > The apparent user name was "dnew...@networktest.com", and the password,
> > though partly mangled, was something like:
> >
> > dialer-vinegar-agora-fastness3
> > ??????
>
> That looks similar to the xkcd password generation scheme ... which
> sounds good if you don't really think about it, but actually is
> shockingly cryptographically weak, something like 1.5-2.5 bits of
> entropy per WORD if memory serves.

If there are ~2 bits per word, then each word is selected from ~4
possible values. That would indeed be very weak.

Wietse