Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] ssh keys question



On 06/17/2016 09:36 PM, IngeGNUe wrote:
> One concern I have is with password crackers that use dictionary 
> attacks. Are you saying that with enough words strung together, such 
> attacks won't matter as much?

Yes.

If I flip a coin 32 times, I have 32 bits of entropy. If I use that as 
a password I first have to map it into something I can type on a 
keyboard. I could do hthhthh... or 1011011... or XxXXxXX... or True 
False True True False True True... or hex or base64 or any other 
mechanical mapping. It doesn't matter what mapping I choose, as long as 
it is reversible. Similarly I could use the bits to do a lookup into a 
word list.

If you force the dictionary attack to do a search through 2^32 
combinations you have indeed forced it to search through those four 
billion combinations.

If I have 2048 words, that is 2^11. If I randomly pick one and you want 
to guess it you will take about 1000 tries to have a 50% chance of 
guessing my word. The fact that my word appears in a dictionary doesn't 
change that there are 2048 words in that dictionary; it takes time to 
guess them all. If I put three such randomly chosen words in a row then 
the number of possibilities is cubed and the number of guesses to hit my 
choice is also cubed.

-kb
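
The reversible bits-to-words mapping described in the message above, as an added example that is not part of the original post. The 2048-entry word list is a constructed stand-in (an assumption) for a real published list, and all function names are hypothetical.

```python
import itertools
import secrets

# Constructed stand-in word list (assumption): 16*4*16*2 = 2048 = 2^11 unique
# pseudo-words. A real setup would load a published 2048-word list instead.
CONS = "bdfghjklmnprstvz"
WORDS = ["".join(p) for p in itertools.product(CONS, "aeio", CONS, "au")]
INDEX = {w: i for i, w in enumerate(WORDS)}
BITS_PER_WORD = len(WORDS).bit_length() - 1  # 11 bits selected per word


def bits_to_words(value, nwords):
    """Map an integer below 2048**nwords onto nwords list entries."""
    if not 0 <= value < len(WORDS) ** nwords:
        raise ValueError("value does not fit in the requested number of words")
    out = []
    for _ in range(nwords):
        value, idx = divmod(value, len(WORDS))
        out.append(WORDS[idx])
    return out[::-1]  # most significant word first


def words_to_bits(words):
    """Inverse mapping: recover the original integer from the words."""
    value = 0
    for w in words:
        value = value * len(WORDS) + INDEX[w]
    return value


def search_space(nwords):
    """Number of equally likely passphrases of nwords random words."""
    return len(WORDS) ** nwords


def guesses_for_even_odds(nwords):
    """Guesses needed for a 50% chance of hitting a uniformly random phrase."""
    return search_space(nwords) // 2


def generate(nwords):
    """Pick a passphrase uniformly at random using the OS CSPRNG."""
    return bits_to_words(secrets.randbelow(search_space(nwords)), nwords)


if __name__ == "__main__":
    phrase = generate(3)
    print(" ".join(phrase), "->", nwords := len(phrase), "words,",
          nwords * BITS_PER_WORD, "bits,", search_space(nwords), "possibilities")
```

Knowing the word list gives a guesser nothing beyond the size of the search space, because each word is chosen uniformly at random rather than by a person.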



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org