Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.misc > #24291
| From | Ivan Shmakov <ivan@siamics.net> |
|---|---|
| Newsgroups | alt.os.linux, comp.os.linux.misc, comp.security.misc |
| Subject | Re: random passwords |
| Date | 2018-08-24 18:07 +0000 |
| Organization | A noiseless patient Spider |
| Message-ID | <87h8jjfxjo.fsf@miko.siamics.net> (permalink) |
| References | (4 earlier) <pllofa$fbr$1@news1.tnib.de> <plm57g$p91$2@dont-email.me> <878t4xgouh.fsf_-_@miko.siamics.net> <plmiso$i0s$1@dont-email.me> <plmvbn$ehd$1@tncsrv09.home.tnetconsulting.net> |
Cross-posted to 3 groups.
>>>>> Grant Taylor <gtaylor@tnetconsulting.net> writes:
>>>>> On 08/23/2018 09:12 AM, Rich wrote:
>> Sentence based ones are better than pure word based ones, but
>> there's still patterns in sentence based passwords, patterns that
>> can be formulated into patterns for tools like jack the ripper to
>> test against. Yes, that increases the time of the attack, but
>> nothing like how the numbers blow up when the password is based on
>> "any one of the characters from large set X could appear here"
>> (random generation).
> Agreed.
At some point, the sheer number of patterns to consider will mean
that a significant fraction of key space has to be considered,
eliminating any advantage over exhaustive brute force search.
Still, as was already pointed out in this thread and elsewhere
(http://xkcd.com/936/), there's a certain compromise in choosing
a password that's hard enough to bruteforce and easy enough to
remember. And to quote XKCD specifically:
Through 20 years of effort, we've successfully trained everyone to
use passwords that are hard for humans to remember, but easy for
computers to guess.
> Words will /more/ /likely/ come from a dictionary of the /same/
> /language/ than a different language.
Which may be an argument in favor of "mangling" one or more of
the words.
> Words also equate to a sequence of letters, thus some predictability
> of said sequence letters.
> When calculating the strength of word based passphrases, you need to
> take size of the dictionary to the power of the number of words used.
> The last time I did the math, (I think) even a truly random eight
> character password was stronger than a five word passphrase out of a
> dictionary of a few thousand words. Obviously you can play with the
> numbers either way.
Assuming it's a random ASCII non-control (32 .. 127) character,
it's only \log _2 95 < 6.6 bits of entropy per character, or
about 53 bits of entropy for a 8-character password.
An equivalent 5-word password would require about 10.6 bits of
entropy per word, or a dictionary of 2 ^{10.6} < 1510 words.
Similarly, a 4-word password of similar strength would require
about 13.2 bits per word, or a dictionary of 10 ^{13.2} < 9500
words.
On one of my systems, /usr/share/dict/words has slightly over
99000 words, but that apparently includes proper names and
possessives, thus resulting in passphrases like:
$ shuf -n5 < american-english | fmt -w78
Garland japing Bushido misstatement's profundity's
$
[...]
--
FSF associate member #7257 http://am-1.org/~ivan/
Back to comp.os.linux.misc | Previous | Next — Previous in thread | Next in thread | Find similar
Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Nobody <noreply@mixnym.net> - 2018-08-22 16:44 -0500
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-22 22:04 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-22 16:22 -0600
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-23 00:29 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Arlen Holder <arlenholder@nospam.net> - 2018-08-23 01:37 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Marc Haber <mh+usenetspam1118@zugschl.us> - 2018-08-23 09:41 +0200
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Rich <rich@example.invalid> - 2018-08-23 11:19 +0000
random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 14:05 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-23 10:39 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 16:33 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 16:57 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:07 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-23 09:47 -0500
Re: random passwords Wouter Verhelst <w@uter.be> - 2018-08-24 10:16 +0200
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:46 +0100
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-24 09:19 -0400
Re: random passwords Daniel60 <daniel47@eternal-september.org> - 2018-08-25 21:57 +1000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-25 13:32 +0100
Re: random passwords Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2018-08-25 20:05 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-08-23 15:50 +0100
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 16:40 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:12 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-08-23 18:49 +0100
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-09-01 13:45 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-09-01 15:02 +0000
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-09-01 16:54 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-09-04 07:37 +0100
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 15:12 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-23 12:49 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:18 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:27 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:44 +0000
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:38 -0600
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:47 -0600
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-24 02:20 +0000
Re: random passwords Jasen Betts <jasen@xnet.co.nz> - 2018-08-24 05:10 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 02:32 +0100
Re: random passwords Rich <rich@example.invalid> - 2018-08-24 01:56 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:37 +0100
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 20:13 -0600
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:42 +0100
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-24 11:55 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-24 08:37 -0400
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-24 13:51 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-24 12:41 -0400
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-25 02:03 +0000
Re: random passwords Java Jive <java@evij.com.invalid> - 2018-08-25 11:32 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-25 07:49 -0400
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-27 23:12 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-27 23:40 +0000
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-27 20:10 -0400
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-28 00:17 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-27 20:52 -0400
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-27 22:31 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-28 10:23 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-28 14:45 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-28 23:00 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 01:22 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-29 07:21 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 11:37 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 12:25 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 19:35 +0100
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-29 17:46 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-30 06:53 +0100
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-30 07:48 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-30 19:07 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-31 00:36 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-31 03:10 +0100
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-31 12:26 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 23:36 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 11:35 +0100
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-29 23:45 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-24 18:07 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-24 20:27 +0000
Re: random passwords Bud Frede <frede@mouse-potato.com> - 2018-09-03 07:23 -0400
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:02 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 17:25 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:32 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:46 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 18:07 +0000
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:51 -0600
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-08-24 02:35 +0000
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-25 11:13 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-25 17:24 +0000
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-25 13:17 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-25 20:27 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-25 21:28 -0500
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-26 01:19 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 13:43 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-26 14:15 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 15:18 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 09:30 -0500
Re: random passwords Michael Black <mblack@pubnix.net> - 2018-08-26 11:44 -0400
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-26 16:40 -0500
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 21:11 -0500
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-08-28 13:29 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-28 14:32 +0100
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 07:17 +0100
Re: random passwords Melzzzzz <Melzzzzz@zzzzz.com> - 2018-08-27 06:21 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 08:15 +0100
Re: random passwords Roger Blake <rogblake@iname.invalid> - 2018-08-27 22:44 +0000
Re: random passwords azigni <azigni@yahoo.com> - 2018-08-26 12:55 -0600
Re: random passwords Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2018-08-26 19:19 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 16:09 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 21:32 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 21:11 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 07:19 +0100
Re: random passwords Doug McIntyre <merlyn@dork.geeks.org> - 2018-08-26 00:41 -0500
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 06:48 -0500
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Marc Haber <mh+usenetspam1118@zugschl.us> - 2018-08-23 19:49 +0200
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Bud Frede <frede@mouse-potato.com> - 2018-08-26 18:52 -0400
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-27 00:06 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Dan Espen <dan1espen@gmail.com> - 2018-08-26 21:01 -0400
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-23 16:59 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Eli the Bearded <*@eli.users.panix.com> - 2018-08-23 18:46 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 13:03 -0600
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Eli the Bearded <*@eli.users.panix.com> - 2018-08-24 00:33 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 18:43 -0600
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Eli the Bearded <*@eli.users.panix.com> - 2018-08-24 05:16 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 23:43 -0600
secure file distribution Ivan Shmakov <ivan@siamics.net> - 2018-08-25 17:05 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-24 02:26 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades elvis-85650@notatla.org.uk - 2018-08-23 19:06 +0000
csiph-web