Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] vnc

I know this is beating a dead horse, and also OT for the vnc topic.

Suppose you pick a word randomly from a word list, suppose it's the GSL, and the word selection is worth approx 11 bits of entropy.  If that word happens to be "a" then you have 11 bits per character.  If the word happens to be "experience" then you have 1 bit per character.

If you're choosing a sentence as a password, I think you should probably estimate its entropy using its word count rather than its character count.  And since words are not selected randomly, you should not count 11 bits per word.  

To put a bound on that estimate - I claim 11 random words from the GSL gets you ~121 bits of entropy.  On average this would be 64 characters plus separator character, so 74 characters total.  By comparison, as Dan says estimate 1.1 bits per character in a sentence, that would be 110 characters.  The ratio here is 0.67.  This would mean that each word in a sentence is 0.67 times as random as a perfectly random word.  I don't buy it.  I swear that measurement is grossly overestimated.

So if you introduce a fudge factor - let's just suppose that each word in a sentence is at most 0.2 times as random as a purely random word (seems about right by my gut feel).  Then you'll need 5x more words in your sentence, which means 55 words.  On average that will be around 320 characters.
BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix / webmaster@blu.org