Daily Archives: August 9, 2012

“This was not a boating accident!”

…well, actually, it was a boating accident, according to the Anchorage Daily News:

Two women are dead after their canoe capsized on Eagle River on Wednesday afternoon, police and fire officials said.

They had PFDs and other people were with them and still they died. Authorities are investigating.

Earlier this summer, I was trying to learn how to canoe in order to go for a float trip down the Gulkana. But I lost my enthusiasm for the project about the 117th time the canoe tipped me into Campbell Creek.

It’s not that it wasn’t fun. Even I, in my state of complete naivety, could tell it had the potential to be very fun. But not so fun I couldn’t walk away from it.

More on Passwords

In my previous entry about passwords, I didn’t say how hard it would be to crack my passwords. Beats me. I didn’t even say how many bits of entropy they represent, which is apparently what all the cool crypto cats do.

(The first number I cited, 3 × (1 million)³, has 62 bits(!) of entropy. That’s a tough nut to crack. My least-secure option I said was from a pool of 425 million passwords. That’s only 29 bits, which is still about twice as secure as the passwords people suggest you use, things like Tr0ub4dor&3.)

The reason I didn’t cite bits of entropy is (first, that I don’t know math, but secondly) because I’m more interested in the size of the password pool. That is, if you knew the set of common words I’m using (you don’t, but you could start here), how many different separators I use, and the rules for combining them, there are that many possible outcomes.
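The pool-size arithmetic from the two paragraphs above, as an added example that is not part of the original post: it converts the two quoted pool sizes to bits, then enumerates a toy scheme to show that the nominal count can overstate the real pool when different word combinations join to the same string. The function names, the toy word list and separators, and the combining rule (k words joined by k-1 separators) are assumptions; the post does not state its actual rules.

```python
import math
import secrets
from itertools import product

def pool_size(n_words, n_seps, k):
    """Nominal outcomes for k words joined by k-1 separators (assumed rule)."""
    return n_words ** k * n_seps ** max(k - 1, 0)

def entropy_bits(pool):
    """Bits of entropy for one uniform pick from `pool` outcomes."""
    return math.log2(pool)

def join(ws, seps):
    """Interleave the chosen words with the chosen separators."""
    return ws[0] + "".join(s + w for s, w in zip(seps, ws[1:]))

def generate(words, seps, k):
    """Pick words and separators uniformly with a CSPRNG."""
    ws = [secrets.choice(words) for _ in range(k)]
    return join(ws, [secrets.choice(seps) for _ in range(k - 1)])

def all_outcomes(words, seps, k):
    """Enumerate every distinct password (only feasible for toy inputs)."""
    return {join(ws, ss)
            for ws in product(words, repeat=k)
            for ss in product(seps, repeat=k - 1)}

# Constructed toy inputs, chosen so that some joins collide.
WORDS = ["a", "ab", "b", "ba"]
SEPS = ["", "-"]

if __name__ == "__main__":
    # The two pool sizes quoted in the post, rounded up to whole bits.
    for pool in (3 * (10**6) ** 3, 425 * 10**6):
        print(f"{pool:.3g} outcomes -> {math.ceil(entropy_bits(pool))} bits")
    nominal = pool_size(len(WORDS), len(SEPS), 2)
    real = len(all_outcomes(WORDS, SEPS, 2))
    # "a"+"ba" and "ab"+"a" both give "aba", so the real pool is smaller.
    print(f"nominal {nominal}, distinct {real}")
    print("sample:", generate(WORDS, SEPS, 2))
```
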

My pool-size numbers are conservative, because a cracker doesn’t know (for sure) if I’m using only legal words, much less common ones. For all the would-be cracker knows, my dictionary could be full of gibberish like you get from pwgen(1):

iquifeer  nosubiek  iungeime
eighaeka  aqueejas  oaxepohb
aequahsa  raingaej  azeefeep
johphaec  fahtieda  aihaimif
aduyoowe  airahbop  iedeibae

I might even be using pwgen’s “hard” settings:

jjfidv7B  8ZbBAEMP  9zR5PBPn
8f45kjMB  bWZiOF6j  3P7t4FLY
Y1iZKeYA  z8k0nv1T  WD3yQcW8
nDyVSe5o  k42muCy2  F7W43IFD
u2pGNV8F  fQ0CvvT7  k7awERR1

I wouldn’t do that, because those passwords would be hard for me to remember. But how does the cracker know that?