*IMPORTANT NOTICE:* I've just made an important change to the Google Docs 
Sheet here: 
https://docs.google.com/spreadsheets/d/16_KdYAW03sb86-w_AFFnM79IaTWQ7Ugx4T0VMfGteTM/edit?usp=sharing

Realizing that most security policies make requirements such as "At least 1 
character must be a numeral", etc. for other character classes, I've 
adjusted this sheet to take this into account *along with the resulting 
reduction of password strength that comes with it.* I do recognize that 
these symbol-requirements policies are there to force people to choose 
passwords that use a broader set of symbols which has the desired effect of 
raising password strength, but the actual, theoretical maximum entropy of 
the resulting passwords is *significantly* lowered as a result.

As a result, an 8-character password formed with at least 1 of each of these 
sets:

   - numerals (10);
   - lower-case letters (26);
   - upper-case letters (26);
   - and punctuation symbols (10-ish);

will offer *at most* 40.7 bits of entropy.

Passwords of this level of strength, when used on a system that uses 30000 
iterations of PBKDF2 will be quickly and easily cracked by virtually any 
serious attacker. 100,000 iterations isn't really any better.
