A better way to think about passwords
Hedge Hog
hedgehogshiatus at gmail.com
Mon Apr 18 01:09:36 CEST 2011
On Mon, Apr 18, 2011 at 8:58 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>> Summary: A 3-word password (e.g., "quick brown fox") is secure against
>> cracking attempts for 2,537 years.
>
> I am giving a great big yuk to his methodology. There's no reference to the entropy of text, for instance. His example of a three common word password, "this is fun," amounts to a total of 11 letters: this will be around 22 bits of entropy, or 4 million combinations. @ 100 attempts per second, that requires 40,000 seconds, or about 11 hours. He claims it'll take 2,357 years. Let's just say I'm skeptical.
>
> Also, look at his claims for a six-character "common word." Okay, so this has at most 10 bits of entropy or so: any more and it wouldn't be common. 10 bits of entropy equals 1000 possibilities, @ 100 per second equals ten seconds to break it -- not the 3 minutes he claims.
>
> His math doesn't work. I call shenanigans on the entire thing.
>
Correct. But do you claim the ideas are shenanigans:
a) use several words.
b) choose memorable combinations, to you, of these words.
Example: What do you make the _expected_ secure time _estimate_ of:
a) three four-letter words, say: muck, ruck, puck?
b) make them memorable: the puck in the ruck in the muck?
Then, for a), what is the estimate if one chooses three five-letter
words, or three six-letter words?
Best wishes.
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
--
πόλλ' οἶδ ἀλώπηξ, ἀλλ' ἐχῖνος ἓν μέγα
[The fox knows many things, but the hedgehog knows one big thing.]
Archilochus, Greek poet (c. 680 BC – c. 645 BC)
http://wiki.hedgehogshiatus.com
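
The arithmetic debated in this thread, as an added example that is not part of the original message: it estimates three-word passphrases under a per-character text model and under a random-pick-from-a-wordlist model. The 100 guesses per second and 2 bits per character come from the quoted message's figures; the 1024-word list (its "10 bits or so" per common word) and the five- and six-letter word sets are assumptions constructed for illustration.

```python
import math

GUESSES_PER_SECOND = 100   # guess rate used in the quoted message
BITS_PER_CHAR = 2.0        # implied by the quoted "11 letters ... around 22 bits"
COMMON_WORDS = 1024        # assumption: "10 bits of entropy or so" per common word

def text_model_bits(phrase, bits_per_char=BITS_PER_CHAR):
    """Entropy if the phrase is treated as English text (spaces counted,
    as the quoted message does for "this is fun")."""
    return len(phrase) * bits_per_char

def wordlist_model_bits(phrase, wordlist_size=COMMON_WORDS):
    """Entropy if every word is picked uniformly at random from a list the
    attacker also has; word length plays no role in this model."""
    return len(phrase.split()) * math.log2(wordlist_size)

def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Time to try every candidate; the expected time to a hit is half of it."""
    return 2 ** bits / rate

def humanize(seconds):
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

def estimate(phrase):
    """Return (model, bits, worst-case time) rows for one phrase."""
    rows = []
    for model, bits in (("text", text_model_bits(phrase)),
                        ("wordlist", wordlist_model_bits(phrase))):
        rows.append((model, bits, humanize(seconds_to_exhaust(bits))))
    return rows

if __name__ == "__main__":
    # First two phrases appear in the thread; the five- and six-letter
    # sets are constructed. Independent random words are assumed, so a
    # grammatical phrase built from the same words is not modelled here.
    for phrase in ("this is fun", "muck ruck puck",
                   "mucky rucks pucks", "mucked rucked pucked"):
        for model, bits, worst in estimate(phrase):
            print(f"{phrase!r:24} {model:9} {bits:5.1f} bits  exhaust in {worst}")
```

Under the text model the estimate grows with word length, while under the wordlist model three words score the same 30 bits whatever their length, so the answer to the five- and six-letter question depends on which model the attacker can use.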