[ale] evernote security breach
John Pilman
jcpilman at gmail.com
Mon Mar 4 16:04:44 EST 2013
Let me Google that for you
http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf
There is no absolute standard for the entropy of user generated passwords.
92 bits of entropy is consistent with the calculation on page 105 of the
referenced NIST document.
You should have that cough looked at.
On Mon, Mar 4, 2013 at 3:25 PM, Michael H. Warfield <mhw at wittsend.com>wrote:
>
> > These 14-character passwords have 92 bits of entropy, which according to
> > the NIST estimate is the same as a user-generated password of 76
> characters.
> > """
>
> Reference? I'd like to see the date on that and ascertain that it's a
> standard and not just a discussion paper from NIST (sort of the same as
> the difference between standards track RFC's and informational RFC's at
> the IETF).
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130304/8f7dfbcc/attachment.html>
More information about the Ale
mailing list