Talk:Password strength

Entropy table Diceware comparison

The inclusion of Diceware on these tables (especially the Length one) isn't an apples-to-apples comparison, since each entry in the Diceware word list is a string of characters rather than a single character. All of the other examples are using the definition of "Length" to mean "number of characters", while the Diceware column represents "number of Diceware words", which are all multiple characters. While each Diceware word may add 12.9 bits of entropy, each character is no better than the "case insensitive Latin alphabet" calculation. Otherwise, you get to illogical conclusions like the All Extended ASCII Printable Characters string of "©▓" being less secure than a single character "g" generated via Diceware.

Not sure how to best word the clarification on this, but I'll give it some thought.

--Nichenbach (talk) 15:14, 2 August 2018 (UTC)

Inherence?

This article includes the word inherence. While this is an English word, I doubt that it has anything to do with the topic of this article. We no longer believe that substances are made up of four elements. David Spector (talk) 16:26, 27 May 2021 (UTC)

I haven't followed this article but it's probably someone's broken English. The phrase "inherently insecure" occurs later in the article and that might have been what they were referring to. Perhaps the idea being that it would be inherently insecure if I used "Johnuniq" as my password? At any rate, the lead looks like it was written by passers-by; it needs a rewrite. Johnuniq (talk) 03:39, 28 May 2021 (UTC)

I suspect that "inherence" on this page (and the referred-to authentication factors page) is used more in the context of "the quality, state, or fact of inhering", where inhering is "to be inherent". Merriam-Webster claims the first usage in this context was 1577. I.e., usage of the word is fine; it's a dictionary definition, not a Wikipedia definition. Nroister (talk) 03:33, 2 August 2023 (UTC)

Entropy bits vs. bits of entropy

The section Entropy as a measure of password strength contains the following language:

It is usual in the computer industry to specify password strength in terms of information entropy, which is measured in shannon (Sh) and is a concept from information theory. It can be regarded as the minimum number of bits necessary to hold the information in a password of a given type. Instead of the number of guesses needed to find the password with certainty, the base-2 logarithm of that number is given, which is commonly referred to as the number of "entropy bits" in a password, though this is not the same quantity as information entropy.

Later in the article, we discuss "bits of entropy" without defining the term. These are just two different phrases denoting the same thing, right? It would be helpful to be consistent, or at least provide a definition of "bits of entropy" before using it.

Comments? Mr. Swordfish (talk) 21:00, 17 September 2023 (UTC)
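The distinction drawn in the quoted passage, as an added example that is not part of the article or of any editor's comment: the log2 of the number of candidates ("entropy bits") equals the Shannon entropy only when every candidate is equally likely. The skewed distribution is a constructed sample, and the function names are hypothetical.

```python
import math

DICEWARE_WORDS = 7776  # 6**5 entries, one per roll of five dice


def entropy_bits_uniform(num_symbols, length):
    """log2 of the number of equally likely passwords: length * log2(N).

    `length` counts symbols drawn, whether each symbol is one character
    or one whole Diceware word.
    """
    return length * math.log2(num_symbols)


def shannon_entropy(probabilities):
    """Information entropy, in shannons, of a password distribution."""
    return -sum(p * math.log2(p) for p in probabilities if p > 0)


def skewed_distribution(size, top_share):
    """Constructed sample: one favourite choice takes `top_share` of the
    probability; the rest is spread evenly over the other size - 1."""
    rest = (1.0 - top_share) / (size - 1)
    return [top_share] + [rest] * (size - 1)


def compare(size, top_share):
    """Return (log2 of the candidate count, Shannon entropy)."""
    return math.log2(size), shannon_entropy(skewed_distribution(size, top_share))


if __name__ == "__main__":
    uniform = [1 / DICEWARE_WORDS] * DICEWARE_WORDS
    print("one Diceware word, log2(count):", entropy_bits_uniform(DICEWARE_WORDS, 1))
    print("one Diceware word, Shannon    :", shannon_entropy(uniform))
    print("skewed choice (log2, Shannon) :", compare(DICEWARE_WORDS, 0.5))
```

For a uniformly drawn Diceware word both figures are about 12.9 bits; when one choice is picked half the time, the candidate count is unchanged but the Shannon entropy drops to about 7.5.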

Wiki Education assignment: Cybersecurity Policy

This article was the subject of a Wiki Education Foundation-supported course assignment, between 8 January 2024 and 30 April 2024. Further details are available on the course page. Student editor(s): RKM757 (article contribs). Peer reviewers: Smallick84.

— Assignment last updated by MrLavoie (talk) 00:46, 20 February 2024 (UTC)