Subject: Re: security/10206 - proposed solution (concept)
To: None <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 08/17/2005 13:08:43
Content-Type: text/plain; charset=us-ascii
On Wed, Aug 17, 2005 at 02:10:02PM -0400, Thor Lancelot Simon wrote:
> On Wed, Aug 17, 2005 at 01:05:22AM +0300, Elad Efrat wrote:
> > Hi,
> > I've written concept code, still work in progress, that allows an
> > admin to set a password policy in /etc/passwd.conf.
> > The current version has the following options when setting a policy:
> > minlen, maxlen, upper, lower, digits, punct.
> I'd like to see a "zbits" option: how many bits of entropy are in
> the password as approximated by the size when compressed with some
> reasonable compressor. Not so useful with short passwords, quite
> useful when one is requiring long phrases.
Is there a tool that will measure this? I'd like to measure the entropy in
my passphrases. I realize it's an approximate measure, but none the less
For the moment, I have tried compressing a file containing the passphrase
(both gzip -9 and bzip -9) and comparing the file length with that of a
compressed file that contained just a space (to estimate file format
overhead). Is that a reasonable estimator?
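The measurement described in the message above, as an added example that is not code from this thread or from the NetBSD tree: compress the passphrase, subtract the compressed size of a one-space input to cancel format overhead, and report the remainder in bits. The function names are assumptions, Python's gzip and bz2 modules stand in for the command-line tools, and the sample passphrases are constructed.

```python
import bz2
import gzip

# The one-space input the message uses to estimate file-format overhead.
BASELINE = b" "

def _gzip9(data: bytes) -> bytes:
    # mtime=0 keeps the header deterministic between runs
    return gzip.compress(data, compresslevel=9, mtime=0)

def _bzip9(data: bytes) -> bytes:
    return bz2.compress(data, compresslevel=9)

COMPRESSORS = {"gzip -9": _gzip9, "bzip2 -9": _bzip9}

def zbits(passphrase: str, compress) -> int:
    """Compressed size beyond the one-space baseline, in bits.

    Resolution is one byte (8 bits), and a result below the baseline
    is clamped to 0 rather than reported as negative.
    """
    data = passphrase.encode("utf-8")
    extra_bytes = len(compress(data)) - len(compress(BASELINE))
    return max(extra_bytes, 0) * 8

def report(passphrase: str) -> dict:
    """Estimate for every compressor, keyed by compressor name."""
    return {name: zbits(passphrase, fn) for name, fn in COMPRESSORS.items()}

if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = [
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
        "correct horse battery staple",
        "q7#Lm2!xV9@pZr4$Tn8&bK1*wG5^hD3(jF6)sYc0",
        "Tr0ub4dor",
    ]
    for s in samples:
        print(f"{len(s):3d} chars  {report(s)}  {s!r}")
```

A general-purpose compressor has no dictionary of common words or passwords, so on short inputs the figure mostly tracks length; it separates repetitive strings from varied ones but does not measure how guessable a phrase is.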