[Discuss] ssh keys question

[Bill Ricker]

On Sat, Jun 18, 2016 at 12:32 AM, Kent Borg <kentborg at borg.org> wrote:

> If I have 2048 words, that is 2^11, if I randomly pick one and you want to
> guess it you will take about 1000-tries to have a 50% chance of guessing my
> word. The fact that my word appears in a dictionary doesn't change there
> there are 2048 words in that dictionary, it takes time to guess them all.
> If I put three such randomly chosen words in a row then the number of
> possibilities is cubed and the number of guesses to hit my choice is also
> cubed.


​Even better ...​

My dictionary search against  your synthetic memorable 32bit password will
only be only (2^11)^3​ if i guess or know which 2048-word short-dictionary
you're using, or slowly infer it from observed leakage somehow.

If you use XKCD's up-goer word list, that's a well know list and yeah, i
can guess that.

Or if you used for your wordlist the same wordlist the famous cracking
software uses for their short password guessing wordlist. Uh no, bad
choice!

If you took a 30k - 100K wordlist and selected a 2k word subset randomly,
maybe excluding the 20-50% least common for ease of spelling, you'd have a
custom list of 2k words that i can't guess. I might be able to slowly
reconstruct that list if i can get your disgruntled ex-employees to tell me
what their passwords used to be, since it's harmless fun ... heh heh  ...
1000 telling me their 3 words has a good chance of giving me most of them
but i'll still be a few short in all likelyhood, but it's good enough.

But that still leaves me with executing the 2^32 dictionary attack.

 Which is likely only interesting if i've stolen all your users' hashes
already and you have poor salts and hashes so i can rainbow table to find
multiple users at once. Doing 2^32 trials coming in the front door of a
server is likely to get noticed as a DOS, aside from taking literally
forever.


-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux