BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] ssh keys question
- Subject: [Discuss] ssh keys question
- From: kentborg at borg.org (Kent Borg)
- Date: Sat, 18 Jun 2016 00:32:40 -0400
- In-reply-to: <c35b33c6-af08-d708-25d3-d108e28d3571@riseup.net>
- References: <mailman.11.1466179204.26887.discuss@blu.org> <ee255849986a8455a436c0cff185444c.squirrel@webmail.ci.net> <5764883F.3030807@borg.org> <c35b33c6-af08-d708-25d3-d108e28d3571@riseup.net>
On 06/17/2016 09:36 PM, IngeGNUe wrote: > One concern I have is with password crackers that use dictionary > attacks. Are you saying that with enough words strung together, such > attacks won't matter as much? Yes. If I flip a coin 32-times, I have 32-bits of entropy. If I use that as a password I first have to map it into something I can type on a keyboard. I could to hthhthh... or 1011011... or XxXXxXX... or True False True True False True True... or hex or base64 or any other mechanical mapping. It doesn't matter what mapping I choose, as long as it is reversible. Similarly I could use the bits to do a lookup into a word list. If you force the dictionary attack to do a search through 2^32 combinations you have indeed forced it to search through those four billion combinations. If I have 2048 words, that is 2^11, if I randomly pick one and you want to guess it you will take about 1000-tries to have a 50% chance of guessing my word. The fact that my word appears in a dictionary doesn't change there there are 2048 words in that dictionary, it takes time to guess them all. If I put three such randomly chosen words in a row then the number of possibilities is cubed and the number of guesses to hit my choice is also cubed. -kb
- Follow-Ups:
- [Discuss] ssh keys question
- From: bill.n1vux at gmail.com (Bill Ricker)
- [Discuss] ssh keys question
- References:
- [Discuss] ssh keys question
- From: richb at pioneer.ci.net (Rich Braun)
- [Discuss] ssh keys question
- From: kentborg at borg.org (Kent Borg)
- [Discuss] ssh keys question
- From: ingegnue at riseup.net (IngeGNUe)
- [Discuss] ssh keys question
- Prev by Date: [Discuss] ssh keys question
- Next by Date: [Discuss] SSH port forwarding through middleman (bastion host)
- Previous by thread: [Discuss] ssh keys question
- Next by thread: [Discuss] ssh keys question
- Index(es):