Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] deadmanish login?

Of course, if you publish a password on a public mailing list, it then as
zero bits of entropy regardless of how it was encoded. :)

On Fri, Feb 3, 2017 at 7:38 AM, Kent Borg <kentborg at> wrote:

> On 02/02/2017 07:48 PM, Richard Pieri wrote:
>> On 2/2/2017 5:15 PM, Kent Borg wrote:
>>> It depends on where those words came from. I am not relying on some
>>> trick, I am relying on raw combinations.
>> A dictionary attack against "premium student viking" using a given set
>> of dictionaries takes exactly the same number of tries regardless
> And if the dictionary has, let's say for round numbers 2048 words, then it
> takes 2048 attempts to try them all.
> If I have three of those words in a row it takes 2048*2048*2048 attempts
> to try them all. That's 33-bits of entropy. The fact that the 33-bits are
> coded in 1s and 0s, in ACSII 1s and 0s, in hex, in base64, or in a lookup
> table words doesn't change how may attempts are needed. It is all about the
> number of combinations.
> regardless of how
>> you selected those words.
> No. If you choose words that "seem" random, if you choose words that a
> cracker could anticipate, then those combinations can be tried first, and
> the right combination found sooner. The cracker mught anticipate your
> behavior, but if the words are chosen randomly then the attacker has to
> anticipate the random number generator; has to anticipate the roll of the
> dice, has to anticipate the draw of the cards, has to anticipate the bits
> in urandom: in each case you want them to be impossible to anticipate.
> It is not possible to know how many bits of entropy are in a password by
> looking at it, you can't tell if a password is really good by looking, you
> really have to know how it was created to be sure.
> -kb
> _______________________________________________
> Discuss mailing list
> Discuss at

John Abreau / Executive Director, Boston Linux & Unix
Email jabr at / WWW / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /