Oleksandr Gavenko -> debian-russian@lists.debian.org @ Mon, 30 Nov 2015 16:46:11 +0200:

>>A password is not strong because it is long; it is strong because it includes
>>a lot of randomness.

OG> Is there a meter that reports how many bits of entropy a password has?

OG> According to the rules for a sequence of words:

OG> http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf

OG> Entropy varies greatly depending on whether a password is selected by a user
OG> or is generated randomly. Statistically, guessing the first character of a
OG> password selected by a user is tough, but guessing the second is easier and
OG> the third is easier yet. The NIST guidelines give the first character 4 bits
OG> of entropy when using the 94 characters available on standard keyboards, but
OG> only 2 bits for each of the next seven characters, and so on.

OG> Randomly selected passwords do not display patterns, so each character
OG> carries the same level of entropy, about 6.6 bits.

OG> A 64-bit password will be 31 characters long - 5/6 words. Versus 10 random
OG> characters from a generator (which you have no chance of remembering).

"The user gets the password typed on the fifth try, and the hacker guesses it on the third."

Just try entering 31 characters without a mistake a couple of times, with no feedback on what you type...
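
An added example, not part of the message above: a small meter for the NIST SP 800-63 length-based estimate quoted in the thread, next to the figure for randomly generated passwords. The per-character values past the eighth character (1.5 bits for characters 9 to 20, 1 bit after that) are taken from Appendix A of that document, not from the message; the function names and the sample passphrase are made up for the illustration.

```python
import math

# (number of characters, bits per character) for user-chosen passwords.
# The first two tiers are the ones quoted in the thread; the third tier and
# the tail value come from SP 800-63 Appendix A (not quoted in the thread).
NIST_TIERS = [(1, 4.0), (7, 2.0), (12, 1.5)]
NIST_TAIL_BITS = 1.0
KEYBOARD_ALPHABET = 94  # printable characters on a standard keyboard


def nist_user_chosen_bits(password):
    """Estimate entropy of a user-chosen password from its length alone."""
    remaining = len(password)
    bits = 0.0
    for count, per_char in NIST_TIERS:
        used = min(remaining, count)
        bits += used * per_char
        remaining -= used
    # Everything past the 20th character is credited at the tail rate.
    return bits + remaining * NIST_TAIL_BITS


def random_bits(length, alphabet=KEYBOARD_ALPHABET):
    """Entropy of a password drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet)


def random_length_for(target_bits, alphabet=KEYBOARD_ALPHABET):
    """Shortest uniformly random password reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet))


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample input
    print(f"user-chosen, {len(sample)} chars: "
          f"{nist_user_chosen_bits(sample):.1f} bits")
    print(f"random, 10 chars: {random_bits(10):.1f} bits")
    print(f"random chars needed for 64 bits: {random_length_for(64)}")
```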