suvikaartinen
suvikaartinen
How about scoping the entropy requirement for different levels: Verify that user set password contain at least 40/64/80 bits of entropy (e.g. 8/10/13 random characters or 4/5/7 random words). I...
My proposal: 2.1.1 Verify that user set passwords have at least 40 bits of entropy (typically 8 random characters or 4 random words is sufficient). 2.6.2 Verify that lookup secrets...
Also on L3 threat modelling should utilize some formal method such as STRIDE
Sorry for slowness in answers, apparently I have way too much customer work to really give proper effort on this. From my perspective the formula for calculating password entropy give...