On Mon, Feb 13, 2023 at 04:07:33PM -0500, Phil Stracchino <ph...@caerllewys.net> wrote:
> On 2/13/23 15:18, Daniele Nicolodi wrote:
> > Isn't this estimate based on the assumption that the scheme used to
> > generate the password is known?
>
> Well, sort of. But what it means in practice is that after the common
> dictionary attack pass, you do a pass of permuting 3-4 common dictionary
> words. Because most people who are going to use that password scheme aren't
> going to pick words like floccinoccipilification. The target of
> dictionary-based attacks is the low-hanging fruit.

Apologies in advance if this is a lesson in how to suck eggs. :-)

Dictionary-based attacks being for low-hanging fruit is predicated on a single-word password. It's no longer low-hanging fruit if, after trying 8000 single-word password guesses (the actual low-hanging fruit), you then need to check another 4 quadrillion guesses (8000^4) for the exactly-4-word pass phrases.

And for diceware style passphrases to be meaningful, it's important that none of the words are "picked" by a human. They must be random. Then, it doesn't matter if they are common words or not.

This page explains it well:

  https://diceware.rempe.us/#eff

With a dictionary of ~8K words, each word has ~12.92 bits of entropy. i.e. Six words is pretty good. Ten words is very good. Four words is probably good enough for most website logins, but not for private key encryption passphrases.

The page above links to more explanation here:

  https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/

cheers,
raf
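The diceware procedure and entropy figures from the message above, as an added example that is not part of the original email: words are selected by five simulated dice rolls from a CSPRNG rather than picked by a person, and the per-word and per-passphrase entropy is computed from the list size. The word list is a constructed 7776-entry stand-in for a real list such as the EFF's, and all function names are illustrative.

```python
import math
import secrets
from itertools import product

DICE_PER_WORD = 5  # five six-sided dice index one of 6**5 = 7776 words


def build_constructed_wordlist():
    """Constructed stand-in for a real diceware list: each roll key
    '11111'..'66666' maps to a unique synthetic token."""
    syllables = ["ba", "ko", "mi", "ru", "te", "zu"]
    return {
        "".join(str(d + 1) for d in roll): "".join(syllables[d] for d in roll)
        for roll in product(range(6), repeat=DICE_PER_WORD)
    }


def roll_key(rng=secrets):
    """Simulate five fair dice with a CSPRNG; no human choice is involved."""
    return "".join(str(rng.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def generate_passphrase(wordlist, n_words, rng=secrets):
    """Draw each word independently and uniformly from the list."""
    return " ".join(wordlist[roll_key(rng)] for _ in range(n_words))


def bits_per_word(wordlist):
    """Entropy of one uniformly random word from the list."""
    return math.log2(len(wordlist))


def passphrase_bits(wordlist, n_words):
    """Entropy holds even if the attacker knows the list and the scheme."""
    return n_words * bits_per_word(wordlist)


def guess_space(list_size, n_words):
    """Number of candidates for exactly n_words words from the list."""
    return list_size ** n_words


if __name__ == "__main__":
    wl = build_constructed_wordlist()
    print(f"{len(wl)} words, {bits_per_word(wl):.2f} bits per word")
    for n in (4, 6, 10):
        print(f"{n} words: {passphrase_bits(wl, n):.1f} bits, "
              f"{guess_space(len(wl), n):.3e} candidates")
    print("sample:", generate_passphrase(wl, 6))
```

The entropy figure only applies when every word comes from `roll_key` (or real dice); substituting a word you like better removes the guarantee.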