{"id":797,"date":"2012-08-09T09:37:09","date_gmt":"2012-08-09T17:37:09","guid":{"rendered":"https:\/\/accretiondisc.com\/blog\/?p=797"},"modified":"2012-08-09T09:40:12","modified_gmt":"2012-08-09T17:40:12","slug":"more-on-passwords","status":"publish","type":"post","link":"https:\/\/accretiondisc.com\/blog\/2012\/08\/09\/more-on-passwords\/","title":{"rendered":"More on Passwords"},"content":{"rendered":"<p>In my previous <a href=\"https:\/\/accretiondisc.com\/blog\/2012\/08\/08\/easy-secure-passwords\/\">entry about passwords<\/a>, I didn&#8217;t say how hard it would be to crack my passwords. Beats me. I didn&#8217;t even say how many bits of entropy they represent, which is apparently what all the cool crypto cats do.<\/p>\n<p>(The first number I cited, 3 &times; 1&nbsp;million<sup>3<\/sup>, has 62 bits(!) of entropy. That&#8217;s a tough nut to crack. My least-secure option I said was from a pool of 425 million passwords. That&#8217;s only 29 bits, which is still about twice as secure as the passwords people suggest you use, things like <code>Tr0ub4dor&3<\/code>.)<\/p>\n<p>The reason I didn&#8217;t cite bits of entropy is (first, that I don&#8217;t know math, but secondly) because I&#8217;m more interested in the size of the password pool. That is, if you knew the set of common words I&#8217;m using (you don&#8217;t, but <a href=\"http:\/\/corpus.byu.edu\/coca\/\">you could start here<\/a>), how many different separators I use, and the rules for combining them, there are that many possible outcomes.<\/p>\n<p>My pool-size numbers are <em>conservative<\/em>, because a cracker doesn&#8217;t know (for sure) if I&#8217;m using only legal words, much less common ones. 
For all the would-be cracker knows, my dictionary <em>could<\/em> be full of gibberish like you get from <a href=\"http:\/\/linux.die.net\/man\/1\/pwgen\">pwgen<\/a>(1):<\/p>\n<blockquote>\n<pre>iquifeer  nosubiek  iungeime\neighaeka  aqueejas  oaxepohb\naequahsa  raingaej  azeefeep\njohphaec  fahtieda  aihaimif\naduyoowe  airahbop  iedeibae<\/pre>\n<\/blockquote>\n<p>I might even be using pwgen&#8217;s &#8220;hard&#8221; settings:<\/p>\n<blockquote>\n<pre>jjfidv7B  8ZbBAEMP  9zR5PBPn\n8f45kjMB  bWZiOF6j  3P7t4FLY\nY1iZKeYA  z8k0nv1T  WD3yQcW8\nnDyVSe5o  k42muCy2  F7W43IFD\nu2pGNV8F  fQ0CvvT7  k7awERR1<\/pre>\n<\/blockquote>\n<p>I wouldn&#8217;t do that, because those passwords would be hard for me to remember. But how does the cracker know that?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In my previous entry about passwords, I didn&#8217;t say how hard it would be to crack my passwords. Beats me. I didn&#8217;t even say how many bits of entropy they represent, which is apparently what all the cool crypto cats do. (The first number I cited, 3 &times; 1&nbsp;million<sup>3<\/sup>, has 62 bits(!) of entropy. 
That&#8217;s [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[52],"tags":[596,598,397,595,594],"class_list":["post-797","post","type-post","status-publish","format-standard","hentry","category-technology","tag-cryptography","tag-english-2","tag-memory","tag-passphrase","tag-passwords"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paRqpr-cR","_links":{"self":[{"href":"https:\/\/accretiondisc.com\/blog\/wp-json\/wp\/v2\/posts\/797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/accretiondisc.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/accretiondisc.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/accretiondisc.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/accretiondisc.com\/blog\/wp-json\/wp\/v2\/comments?post=797"}],"version-history":[{"count":0,"href":"https:\/\/accretiondisc.com\/blog\/wp-json\/wp\/v2\/posts\/797\/revisions"}],"wp:attachment":[{"href":"https:\/\/accretiondisc.com\/blog\/wp-json\/wp\/v2\/media?parent=797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/accretiondisc.com\/blog\/wp-json\/wp\/v2\/categories?post=797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/accretiondisc.com\/blog\/wp-json\/wp\/v2\/tags?post=797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}