From 0085518b41eaf2d8570b1c1b13aceb3a679b2f04 Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Sun, 17 Jan 2021 11:41:25 -0800 Subject: [PATCH] Re-word statement on not detailing crypto algos --- content/posts/password-strength.gmi | 4 +++- content/posts/password-strength.md | 13 ++++++++----- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/content/posts/password-strength.gmi b/content/posts/password-strength.gmi index 7e971d8..f21e37a 100644 --- a/content/posts/password-strength.gmi +++ b/content/posts/password-strength.gmi @@ -61,10 +61,12 @@ A brute-force attack will just guess a single password until the right one is fo When estimating, we'll prefer higher estimates that increase the odds of it guessing a password; after all, the point of this exercise is to establish an *upper* limit on password strength. We'll also simplify: for instance, the MOAC will not waste any heat, and the only way it can guess a password is through brute-forcing. Focusing on too many details would defeat the point of this thought experiment. -I won't address any particular encryption algorithms; this is just a pure and simple brute-force attack given precomputed password entropy. Furthermore, quantum computers can use Grover's algorithm for an exponential speed-up; to account for quantum computers using Grover's algorithm, calculate P(n/2, e) instead. +Quantum computers can use Grover's algorithm for an exponential speed-up; to account for quantum computers using Grover's algorithm, calculate P(n/2, e) instead. => https://en.wikipedia.org/wiki/Grover%27s_algorithm Grover's algorithm (Wikipedia) +Others are better equipped to explain encryption/hashing/key-derivation algorithms, so I won't; this is just a pure and simple brute-force attack given precomputed password entropy, assuming that the cryptography is bulletproof. + Obviously, I'm not taking into account future mathematical advances; my crystal ball broke after I asked it if humanity would ever develop the technology to make anime real. Finally, there's always a non-zero probability of a brute-force attack guessing a password with a given entropy. Literal "immunity" is impossible. Lowering this probability to statistical insignificance renders our password practically immune to brute-force attacks. diff --git a/content/posts/password-strength.md b/content/posts/password-strength.md index 7a655a9..30f93f9 100644 --- a/content/posts/password-strength.md +++ b/content/posts/password-strength.md @@ -106,11 +106,14 @@ password strength. We'll also simplify: for instance, the MOAC will not waste an heat, and the only way it can guess a password is through brute-forcing. Focusing on too many details would defeat the point of this thought experiment. -I won't address any particular encryption algorithms; this is just a pure and simple -brute-force attack given precomputed password entropy. Furthermore, quantum computers -can use [Grover's algorithm](https://en.wikipedia.org/wiki/Grover%27s_algorithm) for -an exponential speed-up; to account for quantum computers using Grover's algorithm, -calculate `P(n/2, e)` instead. +Quantum computers can use [Grover's +algorithm](https://en.wikipedia.org/wiki/Grover%27s_algorithm) for an exponential +speed-up; to account for quantum computers using Grover's algorithm, calculate +`P(n/2, e)` instead. + +Others are better equipped to explain encryption/hashing/key-derivation algorithms, +so I won't; this is just a pure and simple brute-force attack given precomputed +password entropy, assuming that the cryptography is bulletproof. Obviously, I'm not taking into account future mathematical advances; my crystal ball broke after I asked it if humanity would ever develop the technology to make anime