mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-10 00:12:09 +00:00
Explicitly clarify types of passwords
Explicitly limit the scope of the article to just passwords used in encryption/decryption.
parent 388da5ea96
commit 6f610238f7
2 changed files with 8 additions and 1 deletions
|
@ -12,6 +12,8 @@ This question might not be especially practical, but it's fun to analyze and off
|
|||
|
||||
## Asking the right question
|
||||
|
||||
Let's limit the scope of this article to passwords used in encryption/decryption. An attacker is trying to guess a password to decrypt something.
|
||||
|
||||
Instead of predicting what tomorrow's computers may be able to do, let's examine the biggest possible brute-force attack that the laws of physics can allow.
|
||||
|
||||
A supercomputer is probably faster than your phone; however, given enough time, both are capable of doing the same calculations. If time isn't the bottleneck, energy usage is. More efficient computers can flip more bits with a finite amount of energy.
|
||||
|
|
|
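Review bot: The added scope sentence ("Let's limit the scope of this article to passwords used in encryption/decryption.") says what is in scope but never names what is left out, although the commit title promises to clarify types of passwords. Consider stating the excluded case explicitly, for example passwords used only to authenticate to a service, so readers know which kind this analysis does not cover.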
@ -37,6 +37,9 @@ interesting perspective regarding sane upper-limits on password strength.
|
|||
Asking the right question
|
||||
-------------------------
|
||||
|
||||
Let's limit the scope of this article to passwords used in encryption/decryption. An
|
||||
attacker is trying to guess a password to decrypt something.
|
||||
|
||||
Instead of predicting what tomorrow's computers may be able to do, let's examine the
|
||||
*biggest possible brute-force attack* that the laws of physics can allow.
|
||||
|
||||
|
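Review bot: In the added sentence "attacker is trying to guess a password to decrypt something", the attacker model is left implicit. The next paragraph's "biggest possible brute-force attack" only holds if the attacker already has the encrypted data and can test guesses without any rate limit. Suggest saying so in the sentence, and applying the same wording to the copy of this sentence in the other file touched by this commit so the two stay identical.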
@ -60,7 +63,9 @@ MOAC?
|
|||
|
||||
### Quantifying password strength.
|
||||
|
||||
*A previous version of this section wasn't clear and accurate. I've since removed the offending bits and added a clarification about salting/hashing to the [Caveats and estimates]({{<ref "#caveats-and-estimates" >}}) section.*
|
||||
*A previous version of this section wasn't clear and accurate. I've since removed the
|
||||
offending bits and added a clarification about salting/hashing to the [Caveats and
|
||||
estimates]({{<ref "#caveats-and-estimates" >}}) section.*
|
||||
|
||||
A good measure of password strength is **entropy bits.** The entropy bits in a
|
||||
password is a base-2 logarithm of the number of guesses required to brute-force
|
||||
|
|
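Review bot: The rewrap of the italic note beginning "*A previous version of this section wasn't clear and accurate." changes line breaks only, which is unrelated to the scope clarification described in the commit message. Suggest moving the reflow to its own commit or mentioning it in the message. If the note is being touched anyway, "wasn't clear and accurate" would read better as "wasn't clear or accurate".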