Assurance

["RL 'Bob' Morgan" <>]

On Tue, 13 Dec 2011, Mark John Rank wrote:

> Thanks.  Do you know the reason why it was taken down. I would assume 
> due to liability reasons but ...

While liability is the usual reason for most otherwise inexplicable 
organizational actions, I don't think it's a concern for the federal 
government.

I think it was the case that the entropy spreadsheet required user support 
that NIST wasn't prepared to give, and the contract with the organization 
that produced it had expired.

 - RL "Bob"


> ----- Original Message -----
> From: "Dean Woodbeck" 
> <>
> To: 
>
> Sent: Tuesday, December 13, 2011 12:15:08 PM
> Subject: Re: [Assurance] Password scheme design tool...
>
> Hi Mark,
>
> NIST used to have a password entropy tool on their website, but it was taken 
> down a couple of years back. I downloaded it prior to its demise and have 
> attached it, in case this might help.
>
> Dean
>
>
>
>
> On Dec 13, 2011, at 1:05 PM, Mark John Rank wrote:
>
> > Folks:
> >
> > I use to have a spreadsheet tool that allowed me to
> > model the entropy strength for a credential by adjusting
> > different parameters (#char, size of character set, TTL,
> > lockout rule, etc.).  I appear to have lost track of
> > it and was wondering if the collective could suggest/share/point
> > me to a replacement resource?  I thought I would ask
> > before trying to reconstruct from first principles.
> >
> > Thanks in advance,
> > Mark
> >
> > ------------------------------------------
> > Mark Rank - IAM Program Manager
> > University Information Technology Services
> > UW-Milwaukee
> > Email: 
> >
> > Phn:  414-229-3706
> > ------------------------------------------