<div dir="ltr">Let me Google that for you<div><br></div><div><a href="http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf">http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf</a></div><div><br>
</div><div>There is no absolute standard for the entropy of user-generated passwords. 92 bits of entropy is consistent with the calculation on page 105 of the referenced NIST document.<br><div class="gmail_extra"><br><div>
<div dir="ltr"><div style>You should have that cough looked at.</div></div></div>
<br><br><div class="gmail_quote">On Mon, Mar 4, 2013 at 3:25 PM, Michael H. Warfield <span dir="ltr">&lt;<a href="mailto:mhw@wittsend.com" target="_blank">mhw@wittsend.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br><div class="im">
> These 14-character passwords have 92 bits of entropy, which according to<br>
> the NIST estimate is the same as a user-generated password of 76 characters.<br>
> """<br>
<br>
</div>Reference? I'd like to see the date on that and ascertain that it's a<br>
standard and not just a discussion paper from NIST (sort of the same as<br>
the difference between standards-track RFCs and informational RFCs at<br>
the IETF).<br><br></blockquote><div><br></div><div><br></div><div> </div></div><br></div></div></div>
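The arithmetic behind the 92-bit and 76-character figures discussed above, as an added example that is not part of the original thread. It assumes the 14-character passwords are drawn uniformly at random from the 94 printable ASCII characters, and it applies the SP 800-63 Appendix A per-character estimate for user-chosen passwords without the optional composition-rule or dictionary-check bonuses; the function names are hypothetical.

```python
import math


def random_password_bits(length, alphabet_size=94):
    """Entropy of a password whose characters are chosen uniformly at random.

    alphabet_size=94 (printable ASCII without space) is an assumption;
    the thread does not say which alphabet the 14-character passwords use.
    """
    return length * math.log2(alphabet_size)


def nist_user_chosen_bits(length, composition_bonus=False):
    """NIST SP 800-63 Appendix A estimate for a user-chosen password.

    First character: 4 bits; characters 2-8: 2 bits each;
    characters 9-20: 1.5 bits each; characters 21 and up: 1 bit each.
    composition_bonus adds the 6 bits the appendix grants when upper-case
    and non-alphabetic characters are required. The dictionary-check
    bonus is not modelled here.
    """
    bits = 0.0
    for position in range(1, length + 1):
        if position == 1:
            bits += 4
        elif position <= 8:
            bits += 2
        elif position <= 20:
            bits += 1.5
        else:
            bits += 1
    if composition_bonus:
        bits += 6
    return bits


def equivalent_user_chosen_length(target_bits, composition_bonus=False):
    """Shortest user-chosen length whose NIST estimate reaches target_bits."""
    length = 1
    while nist_user_chosen_bits(length, composition_bonus) < target_bits:
        length += 1
    return length


if __name__ == "__main__":
    target = random_password_bits(14)
    print(f"14 random characters: {target:.2f} bits")
    print(f"equivalent user-chosen length: {equivalent_user_chosen_length(target)}")
```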