Talk:Password strength

This is the talk page for discussing improvements to the Password strength article.
This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic.
New to Wikipedia? Welcome! Learn to edit; get help.

Article policies

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Archives: 1, 2: 90 days

Computing High‑importance

This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles

High

This article has been rated as High-importance on the project's importance scale.

This article is supported by WikiProject Computer Security (assessed as High-importance).

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Cryptography: Computer science High‑importance

	This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
High	This article has been rated as High-importance on the importance scale.
	This article is supported by WikiProject Computer science (assessed as High-importance).

Systems Mid‑importance

	Systems science portal This article is within the scope of WikiProject Systems, which collaborates on articles related to systems and systems science.SystemsWikipedia:WikiProject SystemsTemplate:WikiProject SystemsSystems articles
Mid	This article has been rated as Mid-importance on the project's importance scale.
	This article is within the field of Software engineering.

Entropy table Diceware comparison[edit]

The inclusion of Diceware on these tables (especially the Length one) isn't an apples-to-apples comparison, since each entry in the Diceware word list is a string of characters rather than a single character. All of the other examples are using the definition of "Length" to mean "number of characters", while the Diceware column represents "number of Diceware words", which are all multiple characters. While each Diceware word may add 12.9 bits of entropy, each character is no better than the "case insensitive Latin alphabet" calculation. Otherwise, you get to illogical conclusions like the All Extended ASCII Printable Characters string of "©▓" being less secure than a single character "g" generated via Diceware.

Not sure how to best word the clarification on this, but I'll give it some thought.

--Nichenbach (talk) 15:14, 2 August 2018 (UTC)[reply]

Inherence?[edit]

This article includes the word inherence. While this is an English word, I doubt that it has anything to do with the topic of this article. We no longer believe that substances are made up of four elements. David Spector (talk) 16:26, 27 May 2021 (UTC)[reply]

I haven't followed this article but it's probably someone's broken English. The phrase "inherently insecure" occurs later in the article and that might have been what they were referring to. Perhaps the idea being that it would be inherently insecure if I used "Johnuniq" as my password? At any rate, the lead looks like it was written by passers-by; it needs a rewrite. Johnuniq (talk) 03:39, 28 May 2021 (UTC)[reply]

I suspect that "inherence" on this page (and the referred-to authentication factors page) is used more in the context of "the quality, state, or fact of inhering", where inhering is "to be inherent". Merriam Webster claims the first usage in this context was 1577. ie. Usage of the word is fine; it's a dictionary definition, not a wikipedia defn. Nroister (talk) 03:33, 2 August 2023 (UTC)[reply]

Entropy bits vs. bits of entropy[edit]

The section Entropy as a measure of password strength contains the following language:

It is usual in the computer industry to specify password strength in terms of information entropy, which is measured in shannon (Sh) and is a concept from information theory. It can be regarded as the minimum number of bits necessary to hold the information in a password of a given type. Instead of the number of guesses needed to find the password with certainty, the base-2 logarithm of that number is given, which is commonly referred to as the number of "entropy bits" in a password, though this is not the same quantity as information entropy.

Later in the article, we discuss "bits of entropy" without defining the term. These are just two different phrases denoting the same thing, right? It would be helpful to be consistent, or at least provide a definition of "bits of entropy" before using it.

Comments? Mr. Swordfish (talk) 21:00, 17 September 2023 (UTC)[reply]

Wiki Education assignment: Cybersecurity Policy[edit]

This article is currently the subject of a Wiki Education Foundation-supported course assignment, between 8 January 2024 and 30 April 2024. Further details are available on the course page. Student editor(s): RKM757 (article contribs). Peer reviewers: Smallick84.

— Assignment last updated by MrLavoie (talk) 00:46, 20 February 2024 (UTC)[reply]