Of course, if you publish a password on a public mailing list, it then has zero bits of entropy regardless of how it was encoded. :)

On Fri, Feb 3, 2017 at 7:38 AM, Kent Borg <[email protected]> wrote:

> On 02/02/2017 07:48 PM, Richard Pieri wrote:
>
>> On 2/2/2017 5:15 PM, Kent Borg wrote:
>>
>>> It depends on where those words came from. I am not relying on some
>>> trick, I am relying on raw combinations.
>>>
>> A dictionary attack against "premium student viking" using a given set
>> of dictionaries takes exactly the same number of tries regardless
>>
>
> And if the dictionary has, let's say for round numbers 2048 words, then it
> takes 2048 attempts to try them all.
>
> If I have three of those words in a row it takes 2048*2048*2048 attempts
> to try them all. That's 33-bits of entropy. The fact that the 33-bits are
> coded in 1s and 0s, in ASCII 1s and 0s, in hex, in base64, or in a lookup
> table of words doesn't change how many attempts are needed. It is all about
> the number of combinations.
>
>> regardless of how
>> you selected those words.
>>
>
> No. If you choose words that "seem" random, if you choose words that a
> cracker could anticipate, then those combinations can be tried first, and
> the right combination found sooner. The cracker might anticipate your
> behavior, but if the words are chosen randomly then the attacker has to
> anticipate the random number generator; has to anticipate the roll of the
> dice, has to anticipate the draw of the cards, has to anticipate the bits
> in urandom: in each case you want them to be impossible to anticipate.
>
> It is not possible to know how many bits of entropy are in a password by
> looking at it, you can't tell if a password is really good by looking, you
> really have to know how it was created to be sure.
>
> -kb
>
> _______________________________________________
> Discuss mailing list
> [email protected]
> http://lists.blu.org/mailman/listinfo/discuss
>

--
John Abreau / Executive Director, Boston Linux & Unix
Email [email protected] / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6
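
Added example, not part of the original thread: a Python sketch of the point argued in the quoted message, that three words drawn uniformly from a 2048-word list carry 33 bits however the draw is written down, and that a predictable chooser is found sooner. The word list and the "16 favorite words" chooser model are constructed assumptions.

```python
import base64, math, secrets

LIST_SIZE = 2048        # dictionary size used in the thread
BITS_PER_WORD = 11      # log2(2048)

def make_wordlist(n=LIST_SIZE):
    """Constructed stand-in list of n distinct tokens (not a real dictionary)."""
    cons, vowels = "bdfgklmnprstvz", "aeiou"
    return [a + b + c + d for a in cons for b in vowels
            for c in cons for d in vowels][:n]

def entropy_bits(num_words=3, list_size=LIST_SIZE):
    """Entropy of num_words independent, uniform draws from the list."""
    return num_words * math.log2(list_size)

def encodings(index, wordlist, num_words=3):
    """Render one random draw as binary, hex, base64 and words."""
    bits = BITS_PER_WORD * num_words
    raw = index.to_bytes((bits + 7) // 8, "big")
    words = [wordlist[(index >> (BITS_PER_WORD * i)) & (LIST_SIZE - 1)]
             for i in reversed(range(num_words))]
    return {"binary": format(index, f"0{bits}b"), "hex": raw.hex(),
            "base64": base64.b64encode(raw).decode(), "words": " ".join(words)}

def decode_words(phrase, wordlist):
    """Map a word phrase back to the integer it encodes."""
    lookup = {w: i for i, w in enumerate(wordlist)}
    index = 0
    for word in phrase.split():
        index = (index << BITS_PER_WORD) | lookup[word]
    return index

def expected_guesses(probabilities):
    """Mean guesses for an attacker who tries the likeliest candidates first."""
    ordered = sorted(probabilities, reverse=True)
    return sum(rank * p for rank, p in enumerate(ordered, start=1))

# Constructed chooser models for ONE word: uniform vs. 90% from 16 favorites.
UNIFORM = [1 / LIST_SIZE] * LIST_SIZE
SKEWED = [0.9 / 16] * 16 + [0.1 / (LIST_SIZE - 16)] * (LIST_SIZE - 16)

if __name__ == "__main__":
    wl = make_wordlist()
    draw = secrets.randbelow(LIST_SIZE ** 3)   # CSPRNG: all 2**33 values equally likely
    for name, text in encodings(draw, wl).items():
        print(f"{name:7} {text}")
    print("entropy bits:", entropy_bits())
    print("mean guesses per word:", expected_guesses(UNIFORM), expected_guesses(SKEWED))
```

Both chooser models pick from the same 2048 words, so the resulting passwords look alike; only the selection process differs, which is why the mean number of guesses does.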
