> Your “trillion guesses per second” is an arbitrary number. You are deluding yourself you think that any serious attacker will be so limited.

What is the actual number, then?

> Of course, Bitcoin miners are highly specialized and can not be used for password cracking.

I would like to suggest suggest sticking to facts and evidence pertaining to password cracking. Bitcoin may be based in cryptography, but that doesn't necessarily mean you can apply rules to Bitcoin 1:1 onto passwords.

> Conclusion: In 2017, your suggested scheme is more broken than DES in 1998.

I didn't see the source of this conclusion in the paragraphs that preceded it. It seems to me you were just claiming that computer power grows by a certain amount in 19 years (why 19 years? Why not 10, or 50?) to an extent greater than the figure Magic Banana supplied.

But what your conclusion here states suggests that the scheme itself is fundamentally broken. If that is the case, then why is it not possible to simply increase the number of words to achieve an acceptable strength, thus increasing the number of possibilities even further?

Or alternatively, if the scheme is fine given a sufficient number of words, why don't you simply provide a calculation for what that number of words actually is? I think this would be much more constructive than just saying multiple times that what was provided doesn't work. At the same time, it would be worth comparing that to a string of characters (which is what you appear to be advocating), particularly looking at how long the string of characters needs to be to match the string of words. That way, we could compare the relative lengths and strengths of both methods directly.

> Your original point was about bugs. The man page talks about cryptographic attacks.

This seems like a bit of a semantic argument, no? I took what Magic Banana wrote to mean that /dev/random is safer than /dev/urandom, which you seem to implicitly admit here, and therefore /dev/random ought to be used. Considering the only trade-off is having to wait a little longer, I can't see I can think of any fundamental flaw in this reasoning.

How about this: what is the reason you recommend /dev/urandom when /dev/random would (as you freely admit) be safer? You could argue forever about how much safer it is, but why take the chance?

Reply via email to