Which release should we be using?

Faramir faramir.cl at gmail.com
Fri Aug 26 23:53:21 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 26-08-2011 15:08, David Tomaschik escribió:
> On Fri, Aug 26, 2011 at 12:31 PM, Faramir <faramir.cl at gmail.com>
> wrote:
....
>> According to keepass strength measurer, you can get more than 128
>> bits with just 30 characters (including some symbols of course).
...
> I really like KeePass, but the strength measure it provides is
> nearly meaningless.  It assumes 8 bits of entropy per symbol, which
> is, as Aaron pointed out, wrong.  Suggested readings:

  Maybe in past it did that, but version  it assigns different values to
different symbols. I just tried it, and from a to z, it gives 5 bits
each symbol, but ñ gives 7 bits. / gives 4, = gives 5, ! gives 4 bits.

  But, while a = 5 bits, and != 4 bits, a!= 11 bits. I don't know how it
does the calculations, but clearly it has become a lot more complex
(which doesn't mean it has become more accurate). Another check: qwerty=
4 bits, but qytrwe= 29 bits. Unfortunately, I couldn't find any detail
about the algorithm used to measure the password quality. Anyway,
probably some quality checking is better than not checking at all, even
if the calculated bits are wrong.

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJOWBXRAAoJEMV4f6PvczxA/9cH/jkS/lf9v1ZXGi6NsjTmIJbj
pp0x7ze4gGolL0kCfS7uHY9asP1n5Lr2a+DSKSkgST67I6VCESDoAZFSu0cXHH5o
YKMdXI75Zxjgz2O7iX/JmaQYCAxVOiIM077pzWEaF0w6O7mLaKTBtwZgfWIl0sEj
JedfjJ0oWDYkoI5qNOs7tYdCNHFkYrx8Fxqvvwa+YgMu8LubBXSx6EOeFI8+oEYZ
kTlh4qJLTziIrScVnV5SuhP0parKcVJSsQhiwUPd4r4ZvtrBxrUwG1JGZscIeLHr
3ekcNhYhVBEN5Ze7JXycbEivrqLS6Cn5BA02Ew48P31ZP+RzEGJ/WvyzO5wGZqE=
=Sbtk
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list