lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 6 May 2015 09:18:42 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Maximising Pseudo-Entropy versus resistance to Side-Channel Attacks

It looks like real password entropy may be even lower than what I found
when trying to compress passwords.  This paper
<http://www.jbonneau.com/doc/B12-IEEESP-analyzing_70M_anonymized_passwords.pdf>
suggests the median password entropy of Yahoo users is only 21.6 bits!

The utility of an additional 6.64 bits seems pretty important to me.

Bill

Content of type "text/html" skipped

Powered by blists - more mailing lists