Collaborate Disseminate
I recently had to change my password on a linux server (RedHat). It wouldn’t let me use my password of choice because it was "too similar" to my previous password. Is this really reasonable? My previous password was 13 charact… Continue reading Rationale behind disallowing the use of similar passwords?
Chase banking has two odd restrictions on their accepted passwords.
Passwords have a maximum length of 32 characters
Passwords can not contain special characters or punctuation
I am a software developer that has built auth/auth systems i… Continue reading Should I be concerned if a website has password restrictions that reduce complexity?
I’ve seen estimations that the NSA is capable of at least 1 trillion (PGP pass phrase) guesses per second, which would mean a password with 80 bits of entropy would take, on average, over 15,000 years to guess. However, this estimation was… Continue reading How many bits of entropy should a password have to be reasonably future proof (10+ years)?
One way to build a password is to take the first letter from each word in a sentence. For example, the password "Itsfrqbtwaawwnsl" comes from the sentence
"I tried searching for related questions but they were all about whol… Continue reading What is the entropy of a password made from the initial letters from an English sentence [duplicate]
I understand this question is more for a psychologist or a linguist to answer, but I’d imagine having a thread on the security section of stackexchange for known password entropies practically used could be itself useful.
At least from per… Continue reading What is the maximum practical limit for secret storage in the human brain?
The quest for truly random numbers is something to which scientists and engineers have devoted a lot of time and effort. The trick is to find an unpredictable source of …read more Continue reading Random Numbers From A Smoke Detector
I understand that, when storing data on the cloud or something else that might get leaked to the public, the security margin should be at least 128 bit, 256 bit should be used for data that should stay secure over 20-30 years.
If I use a s… Continue reading How much entropy is needed for encrypting data locally?
I was not able to mathematically prove that all permutation and substitution ciphers satisfy H(X)=H(Y) if we say that Y is the set of ciphertexts while X is the corresponding set of plaintexts in Shanon Entropy?
I maintain an operating system that can be deployed to embedded devices with highly diverse capabilities. One of the aspects of porting the OS to a device is declaring the available entropy sources (including, but not limited to, dedicated… Continue reading Are weak entropy sources worth it?
I’m creating a quantum random number generator as part of my thesis.
As part of the research phase, I’m trying to substantiate my aspertion that encryption is significantly weakened if a computer system has poor entropy available to it.
Ho… Continue reading Attacks Relying on Poor Entropy