A better way to think about passwords
Robert J. Hansen
rjh at sixdemonbag.org
Mon Apr 18 00:58:13 CEST 2011
> Summary: A 3-word password (e.g., "quick brown fox") is secure against
> cracking attempts for 2,537 years.
I am giving a great big yuk to his methodology. There's no reference to the entropy of text, for instance. His example of a three-common-word password, "this is fun," amounts to a total of 11 letters: this will be around 22 bits of entropy, or 4 million combinations. @ 100 attempts per second, that requires 40,000 seconds, or about 11 hours. He claims it'll take 2,357 years. Let's just say I'm skeptical.
Also, look at his claims for a six-character "common word." Okay, so this has at most 10 bits of entropy or so: any more and it wouldn't be common. 10 bits of entropy equals 1000 possibilities, @ 100 per second equals ten seconds to break it -- not the 3 minutes he claims.
His math doesn't work. I call shenanigans on the entire thing.
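
The arithmetic in the message above, worked in both directions, as an added example that is not part of the original post. It uses the message's entropy estimates (22 and 10 bits) and its 100 guesses per second, then inverts the calculation to show how many bits the quoted crack times would correspond to at that rate; the function names and the 365.25-day year are assumptions of this example.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # Julian year, an assumption of this example
RATE = 100  # guesses per second, the rate used in the message


def keyspace(bits):
    """Number of equally likely candidates for a given entropy in bits."""
    return 2 ** bits


def exhaust_seconds(bits, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return keyspace(bits) / guesses_per_second


def implied_bits(seconds, guesses_per_second):
    """Inverse: the entropy a claimed worst-case crack time corresponds to."""
    return math.log2(seconds * guesses_per_second)


def human(seconds):
    """Render a duration using the largest unit that fits."""
    for name, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    # Forward: the message's entropy estimates at the message's guess rate.
    for label, bits in (("three common words", 22), ("one common word", 10)):
        t = exhaust_seconds(bits, RATE)
        print(f"{label}: {bits} bits, {keyspace(bits):,} candidates, {human(t)}")
    # Inverse: what the quoted crack times would require at the same rate.
    for label, secs in (("2,537 years", 2537 * SECONDS_PER_YEAR),
                        ("3 minutes", 180)):
        print(f"{label} implies {implied_bits(secs, RATE):.1f} bits")
```

The gap between the two directions is the disagreement in the thread: the quoted figures only hold if the password carries far more entropy than the per-letter estimate for English text assigns it.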