On Mon, Apr 18, 2011 at 8:58 AM, Robert J. Hansen <r...@sixdemonbag.org> wrote:
>> Summary: A 3-word password (e.g., "quick brown fox") is secure against
>> cracking attempts for 2,537 years.
>
> I am giving a great big yuk to his methodology. There's no reference to the
> entropy of text, for instance. His example of a three common word password,
> "this is fun," amounts to a total of 11 letters: this will be around 22 bits
> of entropy, or 4 million combinations. @ 100 attempts per second, that
> requires 40,000 seconds, or about 11 hours. He claims it'll take 2,357
> years. Let's just say I'm skeptical.
>
> Also, look at his claims for a six-character "common word." Okay, so this
> has at most 10 bits of entropy or so: any more and it wouldn't be common. 10
> bits of entropy equals 1000 possibilities, @ 100 per second equals ten
> seconds to break it -- not the 3 minutes he claims.
>
> His math doesn't work. I call shenanigans on the entire thing.
>

Correct. But do you claim the ideas are shenanigans:

a) use several words.
b) choose memorable combinations, to you, of these words.

Example:

What do you make the _expected_ secure time _estimate_ of:

a) three four letter words say: muck, ruck, puck?
b) make them memorable: the puck in the ruck in the muck?

Then, for a), what is the estimate if one choose three five letter words, or
three six letter words?

Best wishes.

>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

--
πόλλ' οἶδ ἀλώπηξ, ἀλλ' ἐχῖνος ἓν μέγα
[The fox knows many things, but the hedgehog knows one big thing.]
Archilochus, Greek poet (c. 680 BC – c. 645 BC)
http://wiki.hedgehogshiatus.com
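
Added example, not part of the message above: a small Python calculator for the two entropy models the quoted estimate uses (about 2 bits per character, from 11 characters at 22 bits, and about 10 bits per common word) at the quoted 100 guesses per second. The constants are assumptions read off those figures, and the five- and six-letter sample phrases are constructed.

```python
# Added example: search time for a passphrase under the two entropy models
# used in the quoted estimate. Constants are assumptions taken from its figures.

BITS_PER_CHAR = 2.0          # assumption: "this is fun" = 11 characters ~ 22 bits
BITS_PER_COMMON_WORD = 10.0  # assumption: "at most 10 bits" per common word
GUESSES_PER_SECOND = 100     # guessing rate used in the quoted estimate

def bits_by_characters(passphrase):
    """Text-entropy model: every character (spaces included) adds ~2 bits."""
    return BITS_PER_CHAR * len(passphrase)

def bits_by_words(passphrase):
    """Word-list model: every common word adds ~10 bits, whatever its length."""
    return BITS_PER_COMMON_WORD * len(passphrase.split())

def seconds_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Worst case: time to try all 2**bits candidates at the given rate."""
    return 2 ** bits / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 365.25 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.0f} seconds"

def report(passphrase):
    """Return {model: (bits, worst-case time, expected time)} for a passphrase."""
    rows = {}
    models = (("per-character", bits_by_characters), ("per-word", bits_by_words))
    for name, model in models:
        bits = model(passphrase)
        worst = seconds_to_exhaust(bits)
        # On average the search succeeds after half the space has been tried.
        rows[name] = (bits, humanize(worst), humanize(worst / 2))
    return rows

if __name__ == "__main__":
    # Constructed sample phrases: the thread's examples plus 5- and 6-letter words.
    samples = ("this is fun", "muck ruck puck",
               "crane sword plumb", "random forest castle")
    for phrase in samples:
        for model, (bits, worst, expected) in report(phrase).items():
            print(f"{phrase!r:24} {model:14} {bits:5.0f} bits  "
                  f"worst {worst:>14}  expected {expected:>14}")
```

Under the per-word model word length makes no difference, so three four-, five- or six-letter common words all come out at 30 bits; only the per-character model rewards longer words.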