bcully at gmail.com
Thu Sep 8 12:01:21 EDT 2011
On Sep 8, 2011, at 11:03 AM, Chris Snyder wrote:
>> On Wed, Sep 7, 2011 at 6:49 PM, Isaac Levy <ike at blackskyresearch.net> wrote:
> I've been turning this over in my head ever since I first saw that
> strip. If Alice knows that Bob reads xkcd and believes everything that
> Randall Munroe says, then she can build a password cracker that uses
> dictionary words as tokens and p0wn him in a relatively short amount
> of time.
No you couldn't. That's the point. There are a lot of words in the dictionary:
> natasya:~/src/jnctn/puppet-modules% wc -l /usr/share/dict/words
> 235886 /usr/share/dict/words
That's about 21 bits of entropy if you use the whole dictionary. His 11 bits assumes ~2k common words. Four of them makes for 44 bits of entropy, which is rather better than what most of us use with l33t-sp33k passwords.