BLU Discuss list archive
[Discuss] deadmanish login?
- Subject: [Discuss] deadmanish login?
- From: jabr at blu.org (John Abreau)
- Date: Fri, 3 Feb 2017 08:40:53 -0500
Of course, if you publish a password on a public mailing list, it then has zero bits of entropy regardless of how it was encoded. :)

On Fri, Feb 3, 2017 at 7:38 AM, Kent Borg <kentborg at borg.org> wrote:

> On 02/02/2017 07:48 PM, Richard Pieri wrote:
>
>> On 2/2/2017 5:15 PM, Kent Borg wrote:
>>
>>> It depends on where those words came from. I am not relying on some
>>> trick, I am relying on raw combinations.
>>>
>> A dictionary attack against "premium student viking" using a given set
>> of dictionaries takes exactly the same number of tries regardless
>>
>
> And if the dictionary has, let's say for round numbers 2048 words, then it
> takes 2048 attempts to try them all.
>
> If I have three of those words in a row it takes 2048*2048*2048 attempts
> to try them all. That's 33-bits of entropy. The fact that the 33-bits are
> coded in 1s and 0s, in ASCII 1s and 0s, in hex, in base64, or in a lookup
> table of words doesn't change how many attempts are needed. It is all about the
> number of combinations.
>
>> regardless of how
>> you selected those words.
>>
>
> No. If you choose words that "seem" random, if you choose words that a
> cracker could anticipate, then those combinations can be tried first, and
> the right combination found sooner. The cracker might anticipate your
> behavior, but if the words are chosen randomly then the attacker has to
> anticipate the random number generator; has to anticipate the roll of the
> dice, has to anticipate the draw of the cards, has to anticipate the bits
> in urandom: in each case you want them to be impossible to anticipate.
>
> It is not possible to know how many bits of entropy are in a password by
> looking at it, you can't tell if a password is really good by looking, you
> really have to know how it was created to be sure.
>
> -kb

--
John Abreau / Executive Director, Boston Linux & Unix
Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6
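Added example, not part of the original messages: a Python sketch of the argument quoted above, that the guess count for a three-word passphrase depends on how the words were drawn. The 2048-entry word list, the 64-word "anticipated" subset and the attacker ordering (anticipated combinations first, then the whole space in list order) are constructed assumptions for illustration.

```python
import math
import secrets
from itertools import product

def build_wordlist():
    """Constructed list of CVCV pseudo-words: 16 * 4 * 8 * 4 = 2048 entries."""
    return ["".join(p) for p in
            product("bdfghjklmnprstvz", "aeio", "bdgklmnt", "aeio")]

def entropy_bits(pool_size, n_words):
    """Entropy of n_words independent, uniform draws from pool_size words."""
    return n_words * math.log2(pool_size)

def generate(pool, n_words=3):
    """Draw each word uniformly with the OS CSPRNG (the 'bits in urandom' case)."""
    return " ".join(secrets.choice(pool) for _ in range(n_words))

def rank(words, ordering):
    """1-based position of `words` when every combination of `ordering`
    is tried in order, first word most significant."""
    pos = {w: i for i, w in enumerate(ordering)}
    r = 0
    for w in words:
        r = r * len(ordering) + pos[w]
    return r + 1

def guesses_needed(passphrase, wordlist, anticipated):
    """Guesses for an attacker who tries all combinations of the anticipated
    words first, then walks the full space in list order (assumed model)."""
    words = passphrase.split()
    if all(w in anticipated for w in words):
        return rank(words, anticipated)
    return len(anticipated) ** len(words) + rank(words, wordlist)

if __name__ == "__main__":
    wordlist = build_wordlist()
    favourites = wordlist[:64]        # constructed stand-in for predictable picks
    for label, pool in (("uniform over 2048", wordlist),
                        ("habitual, 64 words", favourites)):
        phrase = generate(pool)
        print(f"{label}: {phrase!r}  "
              f"{entropy_bits(len(pool), 3):.0f} bits by construction, "
              f"found after {guesses_needed(phrase, wordlist, favourites):,} guesses")
```

Both passphrases look alike on the page; only the pool they were drawn from separates the 18-bit case from the 33-bit case.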