[nycbug-talk] Passwords

Brian Cully bcully at gmail.com
Thu Sep 8 12:01:21 EDT 2011


On Sep 8, 2011, at 11:03 AM, Chris Snyder wrote:
>> On Wed, Sep 7, 2011 at 6:49 PM, Isaac Levy <ike at blackskyresearch.net> wrote:
>> http://xkcd.com/936/
> 
> I've been turning this over in my head ever since I first saw that
> strip. If Alice knows that Bob reads xkcd and believes everything that
> Randall Munroe says, then she can build a password cracker that uses
> dictionary words as tokens and p0wn him in a relatively short amount
> of time.

	No you couldn't. That's the point.  There are a lot of words in the dictionary:

> natasya:~/src/jnctn/puppet-modules% wc -l /usr/share/dict/words
>   235886 /usr/share/dict/words

	That's about 21 bits of entropy if you use the whole dictionary. His 11 bits assumes ~2k common words. Four of them makes for 44 bits of entropy, which is rather better than what most of us use with l33t-sp33k passwords.

-bjc
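
The entropy figures in the message above hold only when every word is drawn uniformly at random, so an attacker who knows the word list and the word count still faces the full search space. The sketch below is an added example, not code from this thread: it draws a passphrase with the OS CSPRNG and reports the resulting entropy. The function names are hypothetical and the 2048-entry list is a constructed stand-in for the "~2k common words" assumption.

```python
import math
import secrets

def unique_words(words):
    """Normalise and de-duplicate: repeated entries would skew the uniform draw."""
    return sorted({w.strip().lower() for w in words if w.strip()})

def entropy_bits(wordlist_size, n_words):
    """Bits of entropy when each word is drawn uniformly and independently."""
    if wordlist_size < 2 or n_words < 1:
        raise ValueError("need at least 2 words in the list and 1 word drawn")
    return n_words * math.log2(wordlist_size)

def generate_passphrase(words, n_words=4):
    """Draw n_words with the OS CSPRNG; returns (passphrase, entropy in bits)."""
    pool = unique_words(words)
    chosen = [secrets.choice(pool) for _ in range(n_words)]
    return " ".join(chosen), entropy_bits(len(pool), n_words)

def average_guesses(bits):
    """Expected guesses for an attacker who knows the list and the word count."""
    return 2 ** (bits - 1)

# Constructed stand-in for a ~2k common-word list (placeholder tokens, not real words).
SAMPLE_WORDS = [f"word{i:04d}" for i in range(2048)]

if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS)
    print(phrase, f"{bits:.0f} bits", f"~{average_guesses(bits):.3g} guesses on average")
```

Words picked by a person rather than by the random draw do not carry the per-word entropy computed here.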

