Subject: Re: security/10206 - proposed solution (concept)
To: None <tls@rek.tjls.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-security
Date: 08/17/2005 13:08:43

On Wed, Aug 17, 2005 at 02:10:02PM -0400, Thor Lancelot Simon wrote:
> On Wed, Aug 17, 2005 at 01:05:22AM +0300, Elad Efrat wrote:
> > Hi,
> >
> > I've written concept code, still work in progress, that allows an
> > admin to set a password policy in /etc/passwd.conf.
> >
> > The current version has the following options when setting a policy:
> > minlen, maxlen, upper, lower, digits, punct.
>
> I'd like to see a "zbits" option: how many bits of entropy are in
> the password as approximated by the size when compressed with some
> reasonable compressor.  Not so useful with short passwords, quite
> useful when one is requiring long phrases.

Is there a tool that will measure this? I'd like to measure the entropy in
my passphrases. I realize it's an approximate measure, but nonetheless
interesting.

For the moment, I have tried compressing a file containing the passphrase
(both gzip -9 and bzip -9) and comparing the file length with that of a
compressed file that contained just a space (to estimate file format
overhead). Is that a reasonable estimator?

Take care,

Bill
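
The compress-and-subtract estimate described in this message, written out
as an added example (Python; not code from this thread or from the
passwd.conf work). zlib/gzip level 9 stands in for gzip -9 and bz2 level 9
for bzip -9, and the baseline is a compressed file holding a single space,
exactly as described above. The policy keys minlen/maxlen/upper/lower/digits/
punct are the option names Elad listed; reading each class option as a
minimum count, adding "zbits" as a minimum-estimate threshold, and all
function names are this example's own assumptions.

```python
"""Compression-based passphrase entropy ("zbits") plus a policy check.

Added example, not code from the thread or from NetBSD's passwd.conf work.
It reproduces the experiment described in the message: compress the
passphrase at level 9, subtract the size of a compressed file that holds only
a single space (container overhead), and read the remainder as bits. The
policy keys minlen/maxlen/upper/lower/digits/punct are the option names quoted
in the thread; treating each class key as a minimum count, and "zbits" as a
minimum estimate, is this example's assumption.
"""
import bz2
import gzip
import string
import zlib

# Level 9 mirrors the gzip -9 / bzip -9 flags named in the message. "deflate"
# is the gzip payload without the 18 bytes of gzip framing; the baseline
# subtraction cancels framing anyway, so gzip and deflate agree exactly.
CODECS = {
    "gzip": lambda data: gzip.compress(data, compresslevel=9, mtime=0),
    "deflate": lambda data: zlib.compress(data, 9),
    "bzip2": lambda data: bz2.compress(data, 9),
}

BASELINE = b" "  # the poster's overhead estimate: a file containing one space


def zbits(passphrase: str, codec: str = "gzip") -> int:
    """Approximate entropy in bits: 8 * (compressed size - baseline size).

    Compressors work in whole bytes, so the result is quantised to 8 bits, and
    a short string that does not compress simply comes out near 8 bits per
    character, which overstates its real entropy (the caveat in the thread).
    """
    compress = CODECS[codec]
    overhead = len(compress(BASELINE))
    size = len(compress(passphrase.encode("utf-8")))
    return max(0, 8 * (size - overhead))


def bits_per_char(passphrase: str, codec: str = "gzip") -> float:
    return zbits(passphrase, codec) / len(passphrase) if passphrase else 0.0


# Character-class predicates for the class options quoted from Elad's message.
_CLASSES = {
    "upper": str.isupper,
    "lower": str.islower,
    "digits": str.isdigit,
    "punct": lambda c: c in string.punctuation,
}


def check_policy(passphrase: str, policy: dict, codec: str = "gzip") -> list:
    """Return the policy keys the passphrase violates (empty list = accepted)."""
    failed = []
    n = len(passphrase)
    if "minlen" in policy and n < policy["minlen"]:
        failed.append("minlen")
    if "maxlen" in policy and n > policy["maxlen"]:
        failed.append("maxlen")
    for key, pred in _CLASSES.items():
        if key in policy and sum(1 for c in passphrase if pred(c)) < policy[key]:
            failed.append(key)
    if "zbits" in policy and zbits(passphrase, codec) < policy["zbits"]:
        failed.append("zbits")
    return failed


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = [
        "Tr0ub4dor&3",                    # short: ~8 bits/char, no better than length
        "a" * 200,                        # long but trivially compressible
        "correct horse battery staple",   # long, little repetition
        "the quick brown fox " * 3,       # long, repetitive
    ]
    policy = {"minlen": 12, "upper": 1, "lower": 1, "digits": 1,
              "punct": 1, "zbits": 120}
    for s in samples:
        est = {c: zbits(s, c) for c in CODECS}
        print(f"{s[:30]!r:34} len={len(s):3d} zbits={est} "
              f"fails={check_policy(s, policy)}")
```

Running the samples shows the limitation Thor pointed out: a short password
comes out at roughly 8 bits per character whatever it is, because the
compressor has no repetition to exploit, while the repeated "a" string and
the repeated sentence are pulled well below their raw length. The three
codecs disagree on absolute numbers (bzip2 carries far more container
overhead, and its tables grow with the number of distinct characters), so a
"zbits" threshold in a policy would have to be calibrated to one fixed codec.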
