From 4c7eaf91f0c6f3a6e37b36dc731731f015503146 Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Sat, 16 Jan 2021 15:41:49 -0800 Subject: [PATCH] More in further reading/acknowledgements (+typo) - Add link to a paper by Seth Lloyd to "Further reading" - Add a subheading to "Further reading" concerning approaches accounting for computation speed. - Elaborate on the part of Schneier's blog post that proved helpful. - Revert typo fix in which I erroneously swapped + and -. --- content/posts/password-strength.gmi | 20 ++++++++++++----- content/posts/password-strength.md | 34 ++++++++++++++++++++--------- 2 files changed, 39 insertions(+), 15 deletions(-) diff --git a/content/posts/password-strength.gmi b/content/posts/password-strength.gmi index 98a9620..46a0072 100644 --- a/content/posts/password-strength.gmi +++ b/content/posts/password-strength.gmi @@ -74,7 +74,7 @@ A more involved approach to picking a good value might utilize the Plank-Einstei => https://en.wikipedia.org/wiki/Planck%E2%80%93Einstein_relation Plank-Einstein relation (Wikipedia) -It's also probably a better idea to make this value an estimate for flipping a single bit, and to estimate the average number of bit-flips it takes to make a single password guess. If that bothers you, pick a number b you believe to be a good estimate for a bit-flip-count and calculate P(n-b, e) instead of P(n, e). +It's also probably a better idea to make this value an estimate for flipping a single bit, and to estimate the average number of bit-flips it takes to make a single password guess. If that bothers you, pick a number b you believe to be a good estimate for a bit-flip-count and calculate P(n+b, e) instead of P(n, e). What's the temperature of the system? Three pieces of information help us find out: 
@@ -246,7 +246,7 @@ At that point, a formidable threat would rather use other means to unlock your s => https://xkcd.com/538/ xkcd 538: Security -## Further reading: an alternate approach +## Further reading: alternative approaches See Scott Aaronson's article on Cosmology and Complexity: 
@@ -258,17 +258,25 @@ He uses an alternative approach to finding the maximum bits we can work with: he This model takes into account more than just the mass of the observable universe. While we previously found that the MOAC can brute-force a password with 306.76 entropy bits, this model allows the same for up to 405.3 bits. -Another well-known approach to calculating physical limits of computation is Bremermann's limit, which calculates the speed of computation given a finite amount of mass. This article's approach disregards time, focusing only on mass-energy equivalence. +### Approaches that account for computation speed + +This article's approach deliberately disregards computation speed, focusing only on energy required to finish a set of computations. Other approaches account for physical limits on computation speed. + +One well-known approach to calculating physical limits of computation is Bremermann's limit, which calculates the speed of computation given a finite amount of mass. => https://en.wikipedia.org/wiki/Bremermann%27s_limit Bremermann's limit (Wikipedia) +A publication⁵ by Seth Lloyd from MIT further explores limits to computation speed on an ideal 1-kilogram computer: + +=> https://arxiv.org/abs/quant-ph/9908043 + ## Acknowledgements Thanks to Barna Zsombor and Ryan Coyler for helping me over IRC with my shaky physics and pointing out the caveats of my approach. My notes from Thermal Physics weren't enough to write this; various Wikipedia articles were also quite helpful, most of which were linked in the body of the article. -A blog post by Bruce Schneier contained a useful excerpt from his book *Applied Cryptography*⁵ involving setting the minimum energy per computation to kT: +While I was struggling to come up with a good expression for the minimum energy used per password guess, I stumbled upon a blog post by Bruce Schneier. 
It contained a useful excerpt from his book *Applied Cryptography*⁶ involving setting the minimum energy per computation to kT: => https://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html @@ -284,4 +292,6 @@ I chose a more conservative estimate for T than Schneier did, and a *much* great ⁴ This is a massive oversimplification; there isn't a single answer to the question "What is the volume of the universe?" Using this speed-of-light approach is one of multiple valid perspectives. The absolute size of the observable universe is much greater due to the way expansion works, but stuffing that into the MOAC's furnace would require moving mass faster than the speed of light. -⁵ Schneier, Bruce. Applied Cryptography, Second Edition, John Wiley & Sons, 1996. +⁵ Lloyd, S., “Ultimate Physical Limits to Computation,” Nature 406, 1047-1054, 2000. + +⁶ Schneier, Bruce. Applied Cryptography, Second Edition, John Wiley & Sons, 1996. diff --git a/content/posts/password-strength.md b/content/posts/password-strength.md index 5ab8d8a..7fd80cc 100644 --- a/content/posts/password-strength.md +++ b/content/posts/password-strength.md @@ -131,7 +131,7 @@ relation](https://en.wikipedia.org/wiki/Planck%E2%80%93Einstein_relation). It's also probably a better idea to make this value an estimate for flipping a single bit, and to estimate the average number of bit-flips it takes to make a single password guess. If that bothers you, pick a number `b` you believe to be a good -estimate for a bit-flip-count and calculate `P(n-b, e)` instead of `P(n, e)`. +estimate for a bit-flip-count and calculate `P(n+b, e)` instead of `P(n, e)`. What's the temperature of the system? Three pieces of information help us find out: 
@@ -308,8 +308,8 @@ conservation of energy: At that point, a formidable threat would rather use [other means](https://xkcd.com/538/) to unlock your secrets. -Further reading: an alternative approach ----------------------------------------- +Further reading: alternative approaches +--------------------------------------- Check out Scott Aaronson's article, [Cosmology and Complexity](https://www.scottaaronson.com/democritus/lec20.html). He uses an @@ -320,11 +320,20 @@ This model takes into account more than just the mass of the observable universe While we previously found that the MOAC can brute-force a password with 306.76 entropy bits, this model allows the same for up to 405.3 bits. -Another well-known approach to calculating physical limits of computation is +### Approaches that account for computation speed + +This article's approach deliberately disregards computation speed, focusing only on +energy required to finish a set of computations. Other approaches account for +physical limits on computation speed. + +One well-known approach to calculating physical limits of computation is [Bremermann's limit](https://en.wikipedia.org/wiki/Bremermann%27s_limit), which calculates the speed of computation given a finite amount of mass. This article's approach disregards time, focusing only on mass-energy equivalence. +[A publication](https://arxiv.org/abs/quant-ph/9908043)[^5] by Seth Lloyd from MIT +further explores limits to computation speed on an ideal 1-kilogram computer. + Acknowledgements ---------------- 
@@ -336,11 +345,13 @@ My notes from Thermal Physics weren't enough to write this; various Wikipedia articles were also quite helpful, most of which were linked in the body of the article. -A [blog post](https://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html) by -Bruce Schneier also contained a useful excerpt from his book *Applied -Cryptography*[^5] involving setting the minimum energy per computation to `kT`. I -chose a more conservative estimate for `T` than Schneier did, and a *much* greater -source of energy. +While I was struggling to come up with a good expression for the minimum energy used +per password guess, I stumbled upon a [blog +post](https://www.schneier.com/blog/archives/2009/09/the_doghouse_cr.html) by Bruce +Schneier. It contained a useful excerpt from his book *Applied Cryptography*[^6] +involving setting the minimum energy per computation to `kT`. I chose a more +conservative estimate for `T` than Schneier did, and a *much* greater source of +energy. [^1]: James Massey (1994). "Guessing and entropy" (PDF). Proceedings of 1994 IEEE International Symposium on Information Theory. IEEE. p. 204. @@ -359,4 +370,7 @@ source of energy. universe is much greater due to the way expansion works, but stuffing that into the MOAC's furnace would require moving mass faster than the speed of light. -[^5]: Schneier, Bruce. Applied Cryptography, Second Edition, John Wiley & Sons, 1996. +[^5]: Lloyd, S., "Ultimate Physical Limits to Computation," Nature 406.6799, + 1047-1054, 2000. + +[^6]: Schneier, Bruce. Applied Cryptography, Second Edition, John Wiley & Sons, 1996.
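Review bot: The sign in `P(n+b, e)`, changed in the .gmi hunk at @@ -74,7 +74,7 and again in the .md hunk at @@ -131,7 +131,7, has no justification in the surrounding sentence, and the commit message says this is the second time it has flipped. The sentence calls b "a good estimate for a bit-flip-count" but then adds it to n. Consider a short clause stating what units b is in and why it is added rather than subtracted, so a later reader does not "fix" it again.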
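Review bot: The added link line "=> https://arxiv.org/abs/quant-ph/9908043" in the .gmi hunk at @@ -258,17 +258,25 has no label, whereas the Bremermann's limit link just above it carries one ("Bremermann's limit (Wikipedia)"). Suggest appending a label, for example the paper title already given in footnote ⁵ ("Ultimate Physical Limits to Computation"), so Gemini clients show something more readable than the bare URL.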
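Review bot: In the password-strength.md hunk at @@ -320,11 +320,20, the unchanged context sentence "This article's approach disregards time, focusing only on mass-energy equivalence." is left in place after the Bremermann's limit sentence. It now repeats the new opening paragraph of the subsection and differs from it in wording ("time" and "mass-energy equivalence" versus "computation speed" and "energy required"). The matching .gmi hunk removes that sentence. Drop it here as well so the two files stay in sync.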
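Review bot: The new Lloyd footnote is cited differently in the two files. The .gmi hunk at @@ -284,4 +292,6 gives "Nature 406, 1047-1054, 2000" with curly quotes around the title, while the .md hunk at @@ -359,4 +370,7 gives "Nature 406.6799, 1047-1054, 2000" with straight quotes. Pick one form (volume with or without the issue number, one quote style) and use it in both footnotes.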