On Mon, Feb 13, 2023 at 02:44:24PM -0500, Phil Stracchino wrote:

> On 2/13/23 13:30, Viktor Dukhovni wrote:
> > The apparent user name was "dnew...@networktest.com", and the password,
> > though partly mangled, was something like:
> >
> >     dialer-vinegar-agora-fastness3
> >     ??????
> >
>
> That looks similar to the xkcd password generation scheme ... which
> sounds good if you don't really think about it, but actually is
> shockingly cryptographically weak, something like 1.5-2.5 bits of
> entropy per WORD if memory serves.

No, that estimate is way off. It is more like 1.5-2 bits per byte, not
per word. With words taken at random from a plausible dictionary of
~64k words, you get 16 bits per word, or ~64 bits for the above.

--
Viktor.