1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-10 00:12:09 +00:00

Explicitly clarify types of passwords

Explicitly limit the scope of the article to just passwords used in
encryption/decryption.
This commit is contained in:
Rohan Kumar 2021-01-17 23:49:12 -08:00
parent 388da5ea96
commit 6f610238f7
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479
2 changed files with 8 additions and 1 deletions

View file

@ -12,6 +12,8 @@ This question might not be especially practical, but it's fun to analyze and off
## Asking the right question
Let's limit the scope of this article to passwords used in encryption/decryption. An attacker is trying to guess a password to decrypt something.
Instead of predicting what tomorrow's computers may be able to do, let's examine the biggest possible brute-force attack that the laws of physics can allow.
A supercomputer is probably faster than your phone; however, given enough time, both are capable of doing the same calculations. If time isn't the bottleneck, energy usage is. More efficient computers can flip more bits with a finite amount of energy.

View file

@ -37,6 +37,9 @@ interesting perspective regarding sane upper-limits on password strength.
Asking the right question
-------------------------
Let's limit the scope of this article to passwords used in encryption/decryption. An
attacker is trying to guess a password to decrypt something.
Instead of predicting what tomorrow's computers may be able to do, let's examine the
*biggest possible brute-force attack* that the laws of physics can allow.
@ -60,7 +63,9 @@ MOAC?
### Quantifying password strength.
*A previous version of this section wasn't clear and accurate. I've since removed the offending bits and added a clarification about salting/hashing to the [Caveats and estimates]({{<ref "#caveats-and-estimates" >}}) section.*
*A previous version of this section wasn't clear and accurate. I've since removed the
offending bits and added a clarification about salting/hashing to the [Caveats and
estimates]({{<ref "#caveats-and-estimates" >}}) section.*
A good measure of password strength is **entropy bits.** The entropy bits in a
password is a base-2 logarithm of the number of guesses required to brute-force