Talk:Password strength
This is the talk page for discussing improvements to the Password strength article. This is not a forum for general discussion of the article's subject. |
Article policies
|
Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL |
Archives: 1, 2Auto-archiving period: 3 months |
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||||||||||||||||||||||||||
|
Entropy table Diceware comparison
editThe inclusion of Diceware on these tables (especially the Length one) isn't an apples-to-apples comparison, since each entry in the Diceware word list is a string of characters rather than a single character. All of the other examples are using the definition of "Length" to mean "number of characters", while the Diceware column represents "number of Diceware words", which are all multiple characters. While each Diceware word may add 12.9 bits of entropy, each character is no better than the "case insensitive Latin alphabet" calculation. Otherwise, you get to illogical conclusions like the All Extended ASCII Printable Characters string of "©▓" being less secure than a single character "g" generated via Diceware.
Not sure how to best word the clarification on this, but I'll give it some thought.
Inherence?
editThis article includes the word inherence. While this is an English word, I doubt that it has anything to do with the topic of this article. We no longer believe that substances are made up of four elements. David Spector (talk) 16:26, 27 May 2021 (UTC)
- I haven't followed this article but it's probably someone's broken English. The phrase "inherently insecure" occurs later in the article and that might have been what they were referring to. Perhaps the idea being that it would be inherently insecure if I used "Johnuniq" as my password? At any rate, the lead looks like it was written by passers-by; it needs a rewrite. Johnuniq (talk) 03:39, 28 May 2021 (UTC)
- I suspect that "inherence" on this page (and the referred-to authentication factors page) is used more in the context of "the quality, state, or fact of inhering", where inhering is "to be inherent". Merriam Webster claims the first usage in this context was 1577. ie. Usage of the word is fine; it's a dictionary definition, not a wikipedia defn. Nroister (talk) 03:33, 2 August 2023 (UTC)
Entropy bits vs. bits of entropy
editThe section Entropy as a measure of password strength contains the following language:
- It is usual in the computer industry to specify password strength in terms of information entropy, which is measured in shannon (Sh) and is a concept from information theory. It can be regarded as the minimum number of bits necessary to hold the information in a password of a given type. Instead of the number of guesses needed to find the password with certainty, the base-2 logarithm of that number is given, which is commonly referred to as the number of "entropy bits" in a password, though this is not the same quantity as information entropy.
Later in the article, we discuss "bits of entropy" without defining the term. These are just two different phrases denoting the same thing, right? It would be helpful to be consistent, or at least provide a definition of "bits of entropy" before using it.
Comments? Mr. Swordfish (talk) 21:00, 17 September 2023 (UTC)
Wiki Education assignment: Cybersecurity Policy
editThis article was the subject of a Wiki Education Foundation-supported course assignment, between 8 January 2024 and 30 April 2024. Further details are available on the course page. Student editor(s): RKM757 (article contribs). Peer reviewers: Smallick84.
— Assignment last updated by MrLavoie (talk) 00:46, 20 February 2024 (UTC)