by Kranar
1610 days ago
This article uses an outdated scheme for password entropy/strength originally published in the early 2000s by NIST. The scheme they use can be found at [1]. NIST has since dropped their recommendation for how to calculate the entropy of a password as it turned out that it was basically bunk and provided no actual security. It was understandable at the time to come up with some system to evaluate password strength and the original scheme made what I guess could be sensible assumptions about the distribution of human-generated passwords, but an actual empirical analysis of their scheme conducted on 32 million passwords demonstrated that it was basically worthless and consequently NIST has dropped their entropy-calculating guidelines [2].

[1] https://cubicspot.blogspot.com/2011/11/how-to-calculate-pass...

[2] https://834e27ae-a-62cb3a1a-s-sites.googlegroups.com/site/re...