Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] deadmanish login?



Of course, if you publish a password on a public mailing list, it then has
zero bits of entropy regardless of how it was encoded. :)


On Fri, Feb 3, 2017 at 7:38 AM, Kent Borg <kentborg at borg.org> wrote:

> On 02/02/2017 07:48 PM, Richard Pieri wrote:
>
>> On 2/2/2017 5:15 PM, Kent Borg wrote:
>>
>>> It depends on where those words came from. I am not relying on some
>>> trick, I am relying on raw combinations.
>>>
>> A dictionary attack against "premium student viking" using a given set
>> of dictionaries takes exactly the same number of tries regardless
>>
>
> And if the dictionary has, let's say for round numbers 2048 words, then it
> takes 2048 attempts to try them all.
>
> If I have three of those words in a row it takes 2048*2048*2048 attempts
> to try them all. That's 33-bits of entropy. The fact that the 33-bits are
> coded in 1s and 0s, in ASCII 1s and 0s, in hex, in base64, or in a lookup
> table words doesn't change how many attempts are needed. It is all about the
> number of combinations.
>
>> regardless of how you selected those words.
>>
>
> No. If you choose words that "seem" random, if you choose words that a
> cracker could anticipate, then those combinations can be tried first, and
> the right combination found sooner. The cracker might anticipate your
> behavior, but if the words are chosen randomly then the attacker has to
> anticipate the random number generator; has to anticipate the roll of the
> dice, has to anticipate the draw of the cards, has to anticipate the bits
> in urandom: in each case you want them to be impossible to anticipate.
>
> It is not possible to know how many bits of entropy are in a password by
> looking at it, you can't tell if a password is really good by looking, you
> really have to know how it was created to be sure.
>
> -kb
>



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6
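
The counting argument in the quoted message, worked through as an added example that is not part of the original thread: one uniformly drawn 33-bit secret is written as binary, hex, base64 and three words, and every form decodes back to the same value. The 2048-entry list of pseudo-words and all function names are constructed for this illustration.

```python
import base64
import math
import secrets
from itertools import product

# Constructed 2048-entry list of pseudo-words (not a real dictionary),
# matching the round-number list size used in the thread.
CONS = "bdfghjklmnprstvz"                              # 16 consonants
SYL_A = [c + v for c, v in product(CONS, "aeio")]      # 64 syllables
SYL_B = [c + v for c, v in product(CONS, "au")]        # 32 syllables
WORDS = [a + b for a, b in product(SYL_A, SYL_B)]      # 64 * 32 = 2048


def entropy_bits(list_size, n_words):
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def to_words(value, n_words, words=WORDS):
    """Write an integer as n_words base-len(words) digits, one word each."""
    out = []
    for _ in range(n_words):
        value, digit = divmod(value, len(words))
        out.append(words[digit])
    return " ".join(reversed(out))


def from_words(phrase, words=WORDS):
    """Inverse of to_words: recover the integer the phrase encodes."""
    index = {w: i for i, w in enumerate(words)}
    value = 0
    for w in phrase.split():
        value = value * len(words) + index[w]
    return value


def encodings(value, n_words, words=WORDS):
    """The same secret written four ways; each is a lossless re-encoding."""
    bits = round(entropy_bits(len(words), n_words))
    raw = value.to_bytes((bits + 7) // 8, "big")
    return {"binary": format(value, f"0{bits}b"), "hex": raw.hex(),
            "base64": base64.b64encode(raw).decode(),
            "words": to_words(value, n_words, words)}


if __name__ == "__main__":
    # The entropy comes from this draw (the OS CSPRNG), not from the spelling.
    secret = secrets.randbelow(len(WORDS) ** 3)
    print(f"{entropy_bits(len(WORDS), 3):.0f} bits, {len(WORDS) ** 3} tries")
    for name, text in encodings(secret, 3).items():
        print(f"{name:>6}: {text}")
```
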



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org