mirror of https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-27 14:12:09 +00:00
Explicitly clarify types of passwords
Explicitly limit the scope of the article to just passwords used in encryption/decryption.
parent 388da5ea96
commit 6f610238f7
2 changed files with 8 additions and 1 deletions
|
@ -12,6 +12,8 @@ This question might not be especially practical, but it's fun to analyze and off
|
||||||
|
|
||||||
## Asking the right question
|
## Asking the right question
|
||||||
|
|
||||||
|
Let's limit the scope of this article to passwords used in encryption/decryption. An attacker is trying to guess a password to decrypt something.
|
||||||
|
|
||||||
Instead of predicting what tomorrow's computers may be able to do, let's examine the biggest possible brute-force attack that the laws of physics can allow.
|
Instead of predicting what tomorrow's computers may be able to do, let's examine the biggest possible brute-force attack that the laws of physics can allow.
|
||||||
|
|
||||||
A supercomputer is probably faster than your phone; however, given enough time, both are capable of doing the same calculations. If time isn't the bottleneck, energy usage is. More efficient computers can flip more bits with a finite amount of energy.
|
A supercomputer is probably faster than your phone; however, given enough time, both are capable of doing the same calculations. If time isn't the bottleneck, energy usage is. More efficient computers can flip more bits with a finite amount of energy.
|
||||||
|
|
|
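Review bot: the added scope paragraph under "Asking the right question" names only what is in scope (passwords used in encryption/decryption) and never says which kinds of password are excluded, although the commit title promises to clarify types of passwords. Consider naming what falls outside the scope in the same paragraph, and tightening "to decrypt something" to state what the attacker is assumed to hold, so that the step to the "biggest possible brute-force attack" in the next paragraph follows directly from the scope.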
@ -37,6 +37,9 @@ interesting perspective regarding sane upper-limits on password strength.
|
||||||
Asking the right question
|
Asking the right question
|
||||||
-------------------------
|
-------------------------
|
||||||
|
|
||||||
|
Let's limit the scope of this article to passwords used in encryption/decryption. An
|
||||||
|
attacker is trying to guess a password to decrypt something.
|
||||||
|
|
||||||
Instead of predicting what tomorrow's computers may be able to do, let's examine the
|
Instead of predicting what tomorrow's computers may be able to do, let's examine the
|
||||||
*biggest possible brute-force attack* that the laws of physics can allow.
|
*biggest possible brute-force attack* that the laws of physics can allow.
|
||||||
|
|
||||||
|
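Review bot: the two lines added after the "Asking the right question" heading repeat the scope sentence from the first changed file word for word, so any rewording made there has to be repeated in this copy by hand. Keep both copies identical within the same commit, so the two versions of the article cannot drift apart on what is in scope.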
@ -60,7 +63,9 @@ MOAC?
|
||||||
|
|
||||||
### Quantifying password strength.
|
### Quantifying password strength.
|
||||||
|
|
||||||
*A previous version of this section wasn't clear and accurate. I've since removed the offending bits and added a clarification about salting/hashing to the [Caveats and estimates]({{<ref "#caveats-and-estimates" >}}) section.*
|
*A previous version of this section wasn't clear and accurate. I've since removed the
|
||||||
|
offending bits and added a clarification about salting/hashing to the [Caveats and
|
||||||
|
estimates]({{<ref "#caveats-and-estimates" >}}) section.*
|
||||||
|
|
||||||
A good measure of password strength is **entropy bits.** The entropy bits in a
|
A good measure of password strength is **entropy bits.** The entropy bits in a
|
||||||
password is a base-2 logarithm of the number of guesses required to brute-force
|
password is a base-2 logarithm of the number of guesses required to brute-force
|
||||||
|
|
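Review bot: the change to the italic note under "Quantifying password strength." only re-wraps one long line into three, with no wording change, and the commit message, which describes a scope clarification, does not mention it. Move the re-wrap into its own commit or name it in the message, since it accounts for the commit's single deletion and three of its eight additions. The link text "[Caveats and estimates]" is now split across two source lines, so check that the rendered link to the Caveats and estimates section is unchanged.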