[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

On 09/11/14 14:25, Clint Byrum wrote:
> With that, I have to remember that Nobody is capitalized, and that the
> spaces are replaced by $ and 5. The other approach accepts that we are
> forgetful and so uses spaces. But it also has the weakness that if the
> approach and the separators are suspected, one can very cheaply run a
> dictionary attack before brute forcing random characters (and in fact
> this is what many password cracking tools do).

It's a trade-off. I didn't say "this is unacceptable because...", I only
asked the question.

The cost of a dictionary attack goes up exponentially with the number of
bits of entropy in the password or passphrase, which is why I asked how
much entropy this tool has. IMO, the right way to assess the quality of
the passphrases produced by one of these tools is to assume that the
attacker knows which tool you use, and its settings (word list, whether
to use punctuation, etc.), and see how many attempts it would take them
with that knowledge; then compare that with how memorable the results
are. Each bit of entropy doubles the number of possibilities that an
attacker needs to try.

pwqgen defaults to generating a passphrase with 47 bits of entropy. I
think it primarily includes capitals, punctuation and digits as a
workaround for sites that require passwords to contain these, rather
than as a way to increase entropy: after all, randomly choosing whether
each word has an initial capital only adds 1 bit of entropy per word.

Diceware[1] is an implementation of a similar algorithm designed to be
used via physical dice rather than a computer's pseudorandom number
generator. It uses 5 die rolls to choose one of 7776 distinct words, and
its author recommends a 6-word passphrase, resulting in about 77.5 bits
of entropy.


[1] http://world.std.com/~reinhold/diceware.html

Reply to: