Re: Checking password complexity.
Oleksandr Gavenko -> debian-russian@lists.debian.org @ Mon, 30 Nov 2015 16:46:11 +0200:
>>A password is not strong because it is long; it is strong because it includes
>>a lot of randomness.
OG> Is there a meter that reports how many bits of entropy a password has?
OG> Going by the rules for a sequence of words:
OG> http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
OG> Entropy varies greatly depending on whether a password is selected by a user
OG> or is generated randomly. Statistically, guessing the first character of a
OG> password selected by a user is tough, but guessing the second is easier and
OG> the third is easier yet. The NIST guidelines give the first character 4 bits
OG> of entropy when using the 94 characters available on standard keyboards, but
OG> only 2 bits for each of the next seven characters, and so on.
OG> Randomly selected passwords do not display patterns, so each character
OG> carries the same level of entropy, about 6.6 bits.
OG> a 64-bit password will be 31 characters long - 5/6 words. Versus 10 random
OG> characters from a generator (which there's no way you'll remember).
"The user gets the password typed on the fifth try, while the hacker guesses
it on the third." Just try entering 31 characters without a mistake a couple
of times, with no visible reaction to your input...
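
An added example, not part of the original messages: a length-based entropy estimate in the style of the NIST text quoted above, used to find how many characters a 64-bit password needs. The tiers beyond the eighth character are taken from NIST SP 800-63 Appendix A rather than from the thread, and all function and constant names are hypothetical.

```python
import math

# Per-character bit rates for user-chosen passwords, from NIST SP 800-63
# Appendix A (the thread quotes only the first two tiers; the rest are an
# assumption taken from that appendix). None = all remaining characters.
NIST_TIERS = [(1, 4.0), (7, 2.0), (12, 1.5), (None, 1.0)]
# Flat reading: 4 bits for the first character, 2 bits for every later one.
FLAT_TIERS = [(1, 4.0), (None, 2.0)]
KEYBOARD = 94  # printable characters on a standard keyboard


def user_chosen_bits(length, tiers=NIST_TIERS):
    """Estimated entropy of a user-chosen password of `length` characters."""
    bits, left = 0.0, length
    for count, rate in tiers:
        take = left if count is None else min(left, count)
        bits += take * rate
        left -= take
    return bits


def random_bits(length, alphabet=KEYBOARD):
    """Entropy of a password drawn uniformly at random from `alphabet`."""
    return length * math.log2(alphabet)


def min_length(target_bits, estimator):
    """Shortest length whose estimate reaches target_bits."""
    n = 0
    while estimator(n) < target_bits:
        n += 1
    return n


if __name__ == "__main__":
    for name, est in [
        ("random, 94 chars", random_bits),
        ("user-chosen, flat 2 bits", lambda n: user_chosen_bits(n, FLAT_TIERS)),
        ("user-chosen, NIST tiers", user_chosen_bits),
    ]:
        print(f"{name:26} 64 bits needs {min_length(64, est)} characters")
```

The estimate depends only on length, so it says nothing about a specific password that appears in a dictionary or a breach list.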