Previously, on Cubic : The main character introduced a broad analysis of a new algorithm for calculating the entropy of passwords so that a threshold may be applied and weak passwords rejected. Will our hero's new algorithm pass more rigorous testing or will his arch nemesis Statistics Boy defeat it? Let's find out! Since my last publication, I've been busy doing some other things. But this week I got back to working with this algorithm to see how good it actually is. My primary goals with my tests were to figure out how well it performs against real-world data and to determine a baseline entropy threshold for the algorithm that rejects most bad passwords. And what better real-world data is there than to use databases of passwords that were stolen from hacked websites? I ended up testing against two types of information. The first type were hacking dictionaries. These are specially formulated files designed to defeat commonly selected weak passwords. The latter
Here you will find all sorts of great information or rants, whichever, about the software industry, products I use, and tips.
If you find a nifty piece of software you think I should be using, forward it to me in the comment of the latest post.