
Password scheme

Posted May 23, 2013 16:55 UTC (Thu) by njwhite (guest, #51848)
In reply to: Password scheme by aaron
Parent article: DeadDrop and Strongbox

Passphrases are always supposed to be like that, I think. The 'diceware' method is a popular way to generate them.

So these sorts of passwords have been around for ages.

Though presumably if you know you're targeting say 4 dictionary words, you can reduce the time to crack enormously (with a general offline dictionary attack, not relevant to dead drop's system.)



Password scheme

Posted May 24, 2013 21:54 UTC (Fri) by diederich (subscriber, #26007) [Link] (3 responses)

Selecting at random four words from the /usr/share/dict/words on my box (which contains 99171 entries) gives you more than 64 bits of entropy. At one billion tries per second, it will take up to 584 years to find the right combo.

You did say 'reduce'; most people select passwords that have less entropy, and are possibly not as easy to remember.

I'm not aware of any system that allows me to remember that many bits of entropy so easily.

Password scheme

Posted Jun 5, 2013 15:44 UTC (Wed) by robbe (guest, #16131) [Link] (2 responses)

> Selecting at random four words from the /usr/share/dict/words on my
> box (which contains 99171 entries) gives you more than 64 bits of
> entropy.
> [...]
> I'm not aware of any system that allows me to remember that many
> bits of entropy so easily.

Assuming we have the same words file (the number of entries matches), this contains a lot of hard-to-remember variants. For example every name occurs in there as "Jack" and as "Jack's". It is definitely not the list of simple words used by XKCD 936 (dictionary size 2^11 == 2048).

For the sake of discussion, a script of mine generated these alternatives from the same 64 bits of randomness:

adzes rights Macumba's staleness's
AU's mastoscirrhus seel Bremerton's
Abgangszeugnisse Sollstärke blumigen Synthetik
17244702336126568816
gyskcgtcjfpsbg
cpprKpTOYLaG
uH25bi602OO
dLl%M4Aw.ZI
?bwto5p5Zs
y°USK8Tüöq
g-ßa+j6ög3bv

Decide for yourself if you're better at remembering the spelling of "mastoscirrhus" or "adzes" (or was it "adzes's") or a shorter random jumble of characters.

[an hour later]
I added another wordlist based on Ogden's Basic English containing a bit over 2000 words. Example output:

disgust saucer cool library overall moral
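
The comparison in the comment above, where one 64-bit random value is written out in several alphabets, as an added Python example that is not robbe's script or part of the original thread. The function names are hypothetical and the 2048-entry pseudo-word list is a constructed stand-in for a real word list.

```python
import math
import secrets
import string

def symbols_needed(bits: int, alphabet_size: int) -> int:
    """Smallest n with alphabet_size**n >= 2**bits (exact integer arithmetic)."""
    n, space = 0, 1
    while space < (1 << bits):
        space *= alphabet_size
        n += 1
    return n

def encode(value: int, alphabet, bits: int = 64, sep: str = "") -> str:
    """Write value (0 <= value < 2**bits) in base len(alphabet), padded to full length."""
    if not 0 <= value < (1 << bits):
        raise ValueError("value out of range")
    base = len(alphabet)
    out = []
    for _ in range(symbols_needed(bits, base)):
        value, digit = divmod(value, base)
        out.append(alphabet[digit])
    return sep.join(reversed(out))

def worst_case_years(bits: int, guesses_per_second: float) -> float:
    """Time to exhaust the whole 2**bits space at a fixed offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

# Constructed stand-in for a 2048-entry (2^11) list; not diceware or Basic English.
CONS = "bdfghjklmnprstvz"
VOWELS = ["a", "e", "i", "o", "u", "ai", "ou", "ee"]
WORDS_2048 = [a + v + b for a in CONS for v in VOWELS for b in CONS]

ALPHABETS = {
    "digits": (string.digits, ""),
    "lowercase": (string.ascii_lowercase, ""),
    "letters": (string.ascii_letters, ""),
    "alphanumeric": (string.ascii_letters + string.digits, ""),
    "2048 words": (WORDS_2048, " "),
}

if __name__ == "__main__":
    secret = secrets.randbits(64)  # CSPRNG, never random.random()
    for name, (alphabet, sep) in ALPHABETS.items():
        print(f"{name:>12} ({math.log2(len(alphabet)):5.2f} bits/symbol): "
              f"{encode(secret, alphabet, sep=sep)}")
    print(f"{symbols_needed(64, 99171)} words from a 99171-entry list; "
          f"up to {worst_case_years(64, 1e9):.1f} years at 1e9 guesses/s")
```

The symbol counts it produces match the lengths of the sample outputs in the comment: 20 digits, 14 lowercase letters, 12 mixed-case letters, 11 alphanumerics, and six words from a list of about 2000.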

Password scheme

Posted Jun 6, 2013 7:30 UTC (Thu) by micka (subscriber, #38720) [Link] (1 responses)

There are lists created specifically for this usage.
Just take the diceware list or a language-specific one.

Password scheme

Posted Jun 6, 2013 13:07 UTC (Thu) by robbe (guest, #16131) [Link]

The diceware list contains too many obscure entries for my taste. YMMV.

We can agree that /usr/share/dict/words is usually not the best candidate.

