Or alternatively, if the scheme is fine given a sufficient number of words, why don't you simply provide a calculation for what that number of words actually is? I think this would be much more constructive than just saying multiple times that what was provided doesn't work. At the same time, it would be worth comparing that to a string of characters (which is what you appear to be advocating), particularly looking at how long the string of characters needs to be to match the string of words.

I can do that. Knowing the way the password was generated and assuming the random number generation is not vulnerable, the password with n American words is as strong as the password with 2.7 x n 64-base characters (the exact coefficient is log(62155)/log(64)).

What number n is sufficiently large? It depends the cracker (the computing power at her disposal, the time she is willing to spend, the electricity bill she is willing to pay). Let us take an extreme case to be safe: the NSA trying to crack Laura Poitras' passwords. Edward Snowden, who better knows NSA's capabilities than us, advised Laura:

Assume your adversary is capable of one trillion guesses per second.
https://www.wired.com/2014/10/snowdens-first-emails-to-poitras/

With n = 4, the NSA would need to keep that guessing rate during 86 days in average (86 days being half of the time to enumerate all passwords that can be generated). I doubt the NSA considers many people are worth such a computing effort. For most people, the NSA probably has faster ways to get the information, though threats for instance. But Laura Poitras may be worth it. With n = 5, the NSA would need 6118 years in average. Starting today. Actually, to finish earlier, the NSA had better wait a few years (decades?), to get greater computing power, than start now.

Let us take both cases:

n = 4 and 2.7 x 4 = 11:
$ words=4; dic=/usr/share/hunspell/en_US.dic; max=$(wc -l < $dic); for i in $(seq $words); do r=$(od -A n -N 4 -t u4 /dev/random); cut -d / -f 1 $dic | sed -n $(expr $r % $max + 1)p; done | tr '\n' ' '
ingoing jar Emmet nemeses
$ head -c 8 /dev/urandom | base64 | head -c 11 && echo
b+B59UXulCA
n = 5 and 2.7 x 5 = 13:
$ words=5; dic=/usr/share/hunspell/en_US.dic; max=$(wc -l < $dic); for i in $(seq $words); do r=$(od -A n -N 4 -t u4 /dev/random); cut -d / -f 1 $dic | sed -n $(expr $r % $max + 1)p; done | tr '\n' ' '
stimuli poet parasite Caresa tinfoil
$ head -c 9 /dev/urandom | base64 | head -c 13 && echo
sI2L5LOkCPkoJ

(NB: the 11-character password actually is a little stronger than the four-word password; the 13-character password is a little weaker than the five-word password: I have to round...)

Now the subjective question: do you prefer to use (in particular remember and type) "ingoing jar Emmet nemeses" or "b+B59UXulCA"? "stimuli poet parasite Caresa tinfoil" or "sI2L5LOkCPkoJ"? To answer the question, you can refer to the mnemonic marioxcc described (making up the first sentence to remember "b+B5", etc.).

Reply via email to