1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-27 14:12:09 +00:00

Explicitly clarify types of passwords

Explicitly limit the scope of the article to just passwords used in
encryption/decryption.
This commit is contained in:
Rohan Kumar 2021-01-17 23:49:12 -08:00
parent 388da5ea96
commit 6f610238f7
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479
2 changed files with 8 additions and 1 deletions

View file

@ -12,6 +12,8 @@ This question might not be especially practical, but it's fun to analyze and off
## Asking the right question ## Asking the right question
Let's limit the scope of this article to passwords used in encryption/decryption. An attacker is trying to guess a password to decrypt something.
Instead of predicting what tomorrow's computers may be able to do, let's examine the biggest possible brute-force attack that the laws of physics can allow. Instead of predicting what tomorrow's computers may be able to do, let's examine the biggest possible brute-force attack that the laws of physics can allow.
A supercomputer is probably faster than your phone; however, given enough time, both are capable of doing the same calculations. If time isn't the bottleneck, energy usage is. More efficient computers can flip more bits with a finite amount of energy. A supercomputer is probably faster than your phone; however, given enough time, both are capable of doing the same calculations. If time isn't the bottleneck, energy usage is. More efficient computers can flip more bits with a finite amount of energy.

View file

@ -37,6 +37,9 @@ interesting perspective regarding sane upper-limits on password strength.
Asking the right question Asking the right question
------------------------- -------------------------
Let's limit the scope of this article to passwords used in encryption/decryption. An
attacker is trying to guess a password to decrypt something.
Instead of predicting what tomorrow's computers may be able to do, let's examine the Instead of predicting what tomorrow's computers may be able to do, let's examine the
*biggest possible brute-force attack* that the laws of physics can allow. *biggest possible brute-force attack* that the laws of physics can allow.
@ -60,7 +63,9 @@ MOAC?
### Quantifying password strength. ### Quantifying password strength.
*A previous version of this section wasn't clear and accurate. I've since removed the offending bits and added a clarification about salting/hashing to the [Caveats and estimates]({{<ref "#caveats-and-estimates" >}}) section.* *A previous version of this section wasn't clear and accurate. I've since removed the
offending bits and added a clarification about salting/hashing to the [Caveats and
estimates]({{<ref "#caveats-and-estimates" >}}) section.*
A good measure of password strength is **entropy bits.** The entropy bits in a A good measure of password strength is **entropy bits.** The entropy bits in a
password is a base-2 logarithm of the number of guesses required to brute-force password is a base-2 logarithm of the number of guesses required to brute-force