Refeds


Subject Re: draft charge, refeds working group on attribute release
From Leif Johansson <leifj@xxxxxxxx>
Date Tue, 05 Jul 2011 22:06:32 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/05/2011 09:35 PM, David Chadwick wrote:
> Hi Leif
> 
> unfortunately you have quoted 800-63 wrongly. The entropy required for
> LOA 1 is only 1 in 2**10, or 1 in 1024, not 1 in 2**1024. This is very
> very different. Appendix A also says that a system that assigns
> subscribers 6 character passwords, randomly selected, from a 96 char
> set, meets LOA 2 and has an entropy of 1 in 16K. So if Level 2 only
> requires 6 random char passwords, how onerous could it be to meet LOA 1
> with one sixteenth of the strength?

You are quite right. One answer to how difficult it is to meet these
requirements can be found in Eric Sacs' notes I linked to.

	Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4TbsgACgkQ8Jx8FtbMZncauwCgtqQxJyhTEv4r01/C9N6IQi94
MFIAnjzb4B459hJU0PrcwkmEkZJ+cOMv
=/uXS
-----END PGP SIGNATURE-----