From ad6d2078fe5769e50cace79d10897ce72dd47f01 Mon Sep 17 00:00:00 2001 From: Rohan Kumar Date: Thu, 14 Jan 2021 15:13:02 -0800 Subject: [PATCH] Clarify the meaning of being "immune" As suggested by u/DragonCalypso on Reddit. --- content/posts/password-strength.gmi | 4 +++- content/posts/password-strength.md | 7 ++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/content/posts/password-strength.gmi b/content/posts/password-strength.gmi index f5096e5..e9e8afa 100644 --- a/content/posts/password-strength.gmi +++ b/content/posts/password-strength.gmi @@ -55,9 +55,11 @@ When estimating, we'll prefer higher estimates that increase the odds of it gues I won't address any particular encryption algorithms; this is just a pure and simple brute-force attack given precomputed password entropy. Furthermore, quantum computers can use Grover's algorithm for an exponential speed-up; to account for quantum computers using Grover's algorithm, calculate P(n/2, e) instead. +=> https://en.wikipedia.org/wiki/Grover%27s_algorithm Grover's algorithm (Wikipedia) + Obviously, I'm not taking into account future mathematical advances; my crystal ball broke after I asked it if humanity would ever develop the technology to make anime real. -=> https://en.wikipedia.org/wiki/Grover%27s_algorithm Grover's algorithm (Wikipedia) +Finally, there's always a non-zero probability of a brute-force attack guessing a password with a given entropy. Literal "immunity" is impossible. Lowering this probability to statistical insignificance renders our password practically immune to brute-force attacks. ## Computation diff --git a/content/posts/password-strength.md b/content/posts/password-strength.md index 3a82d45..f87aaab 100644 --- a/content/posts/password-strength.md +++ b/content/posts/password-strength.md @@ -107,6 +107,11 @@ Obviously, I'm not taking into account future mathematical advances; my crystal broke after I asked it if humanity would ever develop the technology to make anime real. +Finally, there's always a non-zero probability of a brute-force attack guessing a +password with a given entropy. Literal "immunity" is impossible. Lowering this +probability to statistical insignificance renders our password practically immune to +brute-force attacks. + Computation ----------- @@ -255,7 +260,7 @@ Here are some sample outputs: If your threat model is a bit smaller, simulate putting a smaller object into the MOAC's furnace. For example, the Earth has a mass of 5.972×10²⁴ kg; this gives the MOAC a one-in-ten-trillion chance of cracking a password with 256 entropy bits and a -100% chance of cracking a 213-bit password. +100% chance of cracking a 213-bit password. Sample unbreakable passwords ----------------------------