[Q] Diceware password size
Mon May 26 23:40:03 2003
Content-Type: text/plain; charset=us-ascii
I want to have an idea of how secure a diceware password is.
The diceware FAQ says:
* Four words are breakable with a hundred or so PCs.
* Five words are only breakable by an organization with a large budget.
* Six words appear unbreakable for the near future, thought they may be=20
within the range of large governments.
* Seven words and longer are unbreakable with any known technology.
* Eight words should be completely secure for some time to come.
Now, I don't know when this page was last updated, so I don't know how=20
accurate these statements would be. Given current technology, are these=20
statements still reasonably correct?
I'd like some help figuring out the security of a diceware passphrase.
The diceware word list contains 7776 words.
=3D> There are (7776)^5 possible 5-word passphrases.
=3D> There is a probability 'p' that the passphrase will be discovered
within the first p*(7776)^5 trials.
If I knew the number of trials 'n' that can be performed each minute I=20
could estimate the security of a diceware passphrase. Of course, the=20
value of 'n' depends on the attacker.
Could someone help me figure out the value of 'n' given knowledge of=20
current technology and the resourcefulness of the attacker? =20
(for instance, an attacker with 500 computers at 3GHZ).
Thanks for the help.
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)
-----END PGP SIGNATURE-----