A better way to think about passwords

Robert J. Hansen rjh at sixdemonbag.org
Mon Apr 18 00:58:13 CEST 2011


> Summary: A 3-word password (e.g., "quick brown fox") is secure against
> cracking attempts for 2,537 years.

I am giving a great big yuk to his methodology.  There's no reference to the entropy of text, for instance.  His example of a three-common-word password, "this is fun," amounts to a total of 11 letters: this will be around 22 bits of entropy, or 4 million combinations.  @ 100 attempts per second, that requires 40,000 seconds, or about 11 hours.  He claims it'll take 2,357 years.  Let's just say I'm skeptical.

Also, look at his claims for a six-character "common word."  Okay, so this has at most 10 bits of entropy or so: any more and it wouldn't be common.  10 bits of entropy equals 1000 possibilities, @ 100 per second equals ten seconds to break it -- not the 3 minutes he claims.

His math doesn't work.  I call shenanigans on the entire thing.
