Passwords stored by Firefox
Heinz Diehl
htd+ml at fritha.org
Sun Feb 15 14:43:55 UTC 2015
On 15.02.2015, Eddie G. O'Connor Jr. wrote:
> imagine if the "word" ISN'T a word that's found in the dictionary.....ANY
> dictionary.....would that qualify it as being a bit more secure?
Here's the "math" behind it, so you can calculate for yourself:
The password strength (entropy) is calculated this way,
B = ((L * log P) / log 2)
where B is the entropy in bits, L is the length of the password, and P is
the amount of possible different chars (the "pool"). So if you choose e.g. base64,
P will always be 64, and if you choose a password which e.g. includes A-Za-z0-9
og random chars as %!"/(] (and so on), P will be higher, thus resulting in
a higher strength of the overall password. There are P^L different passwords.
In general, a password only containing letters or numbers must be *very* large to have a
high security margin.
More information about the users
mailing list