[Discuss] ssh keys question
Kent Borg
kentborg at borg.org
Sat Jun 18 00:32:40 EDT 2016
On 06/17/2016 09:36 PM, IngeGNUe wrote:
> One concern I have is with password crackers that use dictionary
> attacks. Are you saying that with enough words strung together, such
> attacks won't matter as much?
Yes.
If I flip a coin 32 times, I have 32 bits of entropy. If I use that as
a password I first have to map it into something I can type on a
keyboard. I could do hthhthh... or 1011011... or XxXXxXX... or True
False True True False True True... or hex or base64 or any other
mechanical mapping. It doesn't matter what mapping I choose, as long as
it is reversible. Similarly I could use the bits to do a lookup into a
word list.
If you force the dictionary attack to do a search through 2^32
combinations you have indeed forced it to search through those four
billion combinations.
If I have 2048 words, that is 2^11. If I randomly pick one and you want
to guess it, you will take about 1000 tries to have a 50% chance of
guessing my word. The fact that my word appears in a dictionary doesn't
change that there are 2048 words in that dictionary, it takes time to
guess them all. If I put three such randomly chosen words in a row then
the number of possibilities is cubed and the number of guesses to hit my
choice is also cubed.
-kb
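
Added example, not part of the original post: a Python sketch of the reversible mappings described above, rendering the same random bits as coin flips and as words from a 2048-word list, and counting the combinations a dictionary attack has to cover. The word list is a constructed placeholder and all function names are hypothetical.

```python
import secrets

BITS_PER_WORD = 11  # 2048 words = 2**11, the list size used in the post
# Constructed stand-in for a real word list: 2048 distinct placeholder words.
WORDS = [f"word{i:04d}" for i in range(2 ** BITS_PER_WORD)]
INDEX = {w: i for i, w in enumerate(WORDS)}


def to_coin(value, nbits):
    """Render nbits as h/t flips (1 -> h, 0 -> t), most significant first."""
    return format(value, f"0{nbits}b").replace("1", "h").replace("0", "t")


def from_coin(flips):
    """Reverse of to_coin: recover the integer from an h/t string."""
    return int(flips.replace("h", "1").replace("t", "0"), 2)


def to_words(value, nbits):
    """Render nbits as words, zero-padding up to a multiple of 11 bits."""
    if not 0 <= value < 2 ** nbits:
        raise ValueError("value does not fit in nbits")
    n_words = -(-nbits // BITS_PER_WORD)  # ceiling division
    mask = len(WORDS) - 1
    return [WORDS[(value >> (k * BITS_PER_WORD)) & mask]
            for k in reversed(range(n_words))]


def from_words(words):
    """Reverse of to_words; raises KeyError for a word not in the list."""
    value = 0
    for w in words:
        value = (value << BITS_PER_WORD) | INDEX[w]
    return value


def search_space(n_words):
    """Number of passphrases an attacker holding the word list must cover."""
    return len(WORDS) ** n_words


def new_passphrase(n_words):
    """Pick n_words uniformly at random using the OS CSPRNG."""
    nbits = BITS_PER_WORD * n_words
    return to_words(secrets.randbits(nbits), nbits)


if __name__ == "__main__":
    secret = secrets.randbits(32)  # 32 coin flips
    print(to_coin(secret, 32), format(secret, "08x"), *to_words(secret, 32))
    print("3 random words:", search_space(3), "combinations")
```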