[Q] Diceware password size

Daniel Carrera dcarrera@math.umd.edu
Mon May 26 23:40:03 2003

Hello all,

I want to have an idea of how secure a diceware password is.


The diceware FAQ says:

* Four words are breakable with a hundred or so PCs.
* Five words are only breakable by an organization with a large budget.
* Six words appear unbreakable for the near future, though they may be
  within the range of large governments.
* Seven words and longer are unbreakable with any known technology.
* Eight words should be completely secure for some time to come.

Now, I don't know when this page was last updated, so I don't know how
accurate these statements would be.  Given current technology, are these
statements still reasonably correct?

I'd like some help figuring out the security of a diceware passphrase.

 The diceware word list contains 7776 words.
 => There are (7776)^5 possible 5-word passphrases.
 => There is a probability 'p' that the passphrase will be discovered
    within the first  p*(7776)^5 trials.

  If I knew the number of trials 'n' that can be performed each minute I
  could estimate the security of a diceware passphrase.  Of course, the
  value of 'n' depends on the attacker.

Could someone help me figure out the value of 'n' given knowledge of
current technology and the resourcefulness of the attacker?
(for instance, an attacker with 500 computers at 3 GHz).

Thanks for the help.
Daniel Carrera         | OpenPGP fingerprint:
Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
UMD  (301) 405-5137    | http://www.math.umd.edu/~dcarrera/pgp.html
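
The estimate the post sets up (p*(7776)^k trials at n trials per minute), carried through as an added example that is not part of the original message; it generalizes to any word count and also answers the inverse question of how many words a given time budget calls for. Only the 7776-word list and the 500-machine attacker come from the post: the per-machine guess rate is an assumed placeholder, not a measurement, and the function names are made up for this example.

```python
from fractions import Fraction
import math

WORDLIST_SIZE = 7776                 # Diceware list size (6**5), from the post
MACHINES = 500                       # attacker size suggested in the post
ASSUMED_GUESSES_PER_SEC = 1_000_000  # ASSUMPTION: placeholder per-machine rate
N_PER_MINUTE = MACHINES * ASSUMED_GUESSES_PER_SEC * 60  # the post's 'n'

def keyspace(words):
    """Number of equally likely passphrases of the given length."""
    return WORDLIST_SIZE ** words

def entropy_bits(words):
    """Entropy of a uniformly random passphrase, in bits."""
    return words * math.log2(WORDLIST_SIZE)

def minutes_to_probability(words, p, n_per_minute):
    """Minutes of guessing before the chance of discovery reaches p.

    Model: words are chosen uniformly at random (dice) and the attacker
    tries each candidate once, so chance after t trials is t / keyspace.
    """
    trials = math.ceil(Fraction(p) * keyspace(words))
    return Fraction(trials, n_per_minute)

def words_needed(p, n_per_minute, minutes):
    """Smallest word count keeping the chance of discovery within
    `minutes` of guessing strictly below p."""
    budget = n_per_minute * minutes  # total trials the attacker can afford
    words = 1
    while Fraction(budget, keyspace(words)) >= p:
        words += 1
    return words

def report(p=Fraction(1, 2), n_per_minute=N_PER_MINUTE):
    """One row per word count: (words, entropy bits, years until chance p)."""
    minutes_per_year = 60 * 24 * 365
    return [(w, round(entropy_bits(w), 1),
             float(minutes_to_probability(w, p, n_per_minute) / minutes_per_year))
            for w in range(4, 9)]

if __name__ == "__main__":
    for words, bits, years in report():
        print(f"{words} words  {bits:6.1f} bits  {years:.3g} years to p=1/2")
```

Changing `ASSUMED_GUESSES_PER_SEC` by a factor of 7776 shifts every row by exactly one word, which is why the word count matters far more than the precise value of 'n'.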
