Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] ssh keys question



On 06/17/2016 09:36 PM, IngeGNUe wrote:
> One concern I have is with password crackers that use dictionary 
> attacks. Are you saying that with enough words strung together, such 
> attacks won't matter as much?

Yes.

If I flip a coin 32 times, I have 32 bits of entropy. If I use that as 
a password I first have to map it into something I can type on a 
keyboard. I could do hthhthh... or 1011011... or XxXXxXX... or True 
False True True False True True... or hex or base64 or any other 
mechanical mapping. It doesn't matter what mapping I choose, as long as 
it is reversible. Similarly I could use the bits to do a lookup into a 
word list.

If you force the dictionary attack to do a search through 2^32 
combinations you have indeed forced it to search through those four 
billion combinations.

If I have 2048 words, that is 2^11. If I randomly pick one and you want 
to guess it you will take about 1000 tries to have a 50% chance of 
guessing my word. The fact that my word appears in a dictionary doesn't 
change that there are 2048 words in that dictionary; it takes time to 
guess them all. If I put three such randomly chosen words in a row then 
the number of possibilities is cubed and the number of guesses to hit my 
choice is also cubed.

-kb
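
Added example, not part of the original message: the same random bits rendered as coin flips and as word-list lookups, with both mappings reversed, plus the search space an attacker who knows the word list still has to cover. The 2048-entry word list is a constructed stand-in and all function names are assumptions.

```python
import secrets
from itertools import product

# Constructed stand-in word list (assumption): 16 onsets x 8 vowels x 16 codas
# = 2048 = 2^11 distinct entries, so one word carries exactly 11 bits.
ONSETS = "b d f g h j k l m n p r s t v z".split()
VOWELS = "a e i o u ai ou ee".split()
CODAS = "b d g k l m n p r s t x z sh ch th".split()
WORDS = ["".join(p) for p in product(ONSETS, VOWELS, CODAS)]
INDEX = {w: i for i, w in enumerate(WORDS)}
BITS_PER_WORD = 11

def bits_to_coins(value, nbits):
    """Render the flips as h/t, one character per bit."""
    return format(value, f"0{nbits}b").replace("1", "h").replace("0", "t")

def coins_to_bits(text):
    return int(text.replace("h", "1").replace("t", "0"), 2)

def bits_to_words(value, nbits):
    """Render the same flips as word-list lookups, 11 bits per word."""
    nwords = -(-nbits // BITS_PER_WORD)  # ceiling division
    shifts = range(BITS_PER_WORD * (nwords - 1), -1, -BITS_PER_WORD)
    return [WORDS[(value >> s) & (len(WORDS) - 1)] for s in shifts]

def words_to_bits(words):
    value = 0
    for word in words:
        value = (value << BITS_PER_WORD) | INDEX[word]
    return value

def search_space(nwords):
    """Number of equally likely passphrases of nwords random words."""
    return len(WORDS) ** nwords

def random_passphrase(nwords):
    """Pick each word independently with the OS CSPRNG."""
    return " ".join(secrets.choice(WORDS) for _ in range(nwords))

if __name__ == "__main__":
    flips = secrets.randbits(32)  # 32 coin flips
    print(bits_to_coins(flips, 32), "|", format(flips, "08x"), "|",
          " ".join(bits_to_words(flips, 32)))
    for n in (1, 3, 6):
        space = search_space(n)
        print(f"{n} word(s): {space} possibilities = {n * BITS_PER_WORD} bits, "
              f"50% chance after {space // 2} guesses")
    print(random_passphrase(6))
```

The guarantee holds only when every word is drawn uniformly at random; words a person picks themselves do not carry 11 bits each.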



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org