by kragen 1527 days ago
I'm confident that http://canonical.org/~kragen/sw/netbook-misc-devel/bitwords.... produces passwords with precisely the expected entropy, and it's secure under Kerckhoffs's principle, so I don't mind sharing it. For the ones that consist of words, the wordlist I use is http://canonical.org/~kragen/sw/netbook-misc-devel/wordlist, the frequencies of the words that occur 5 times or more in the British National Corpus.

This representation is my favorite:

The 84-bit number 10231239242746186561668573 can be represented as: ...

In 12-bit words of 5 letters or less: hits towel bloke gala blah jimmy barry

Diceware is good too.

A word of warning: be careful playing around with stochastic text generation if you're susceptible to delusions and hallucinations. You'd have to be pretty far gone to think "hits towel bloke gala blah jimmy barry" was a message from God, but of course we all know people who have fallen into that kind of belief, and the strain on credulity gets smaller as the text model gets more sophisticated.
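An added illustration of the representation described above (example code, not kragen's bitwords script): a uniformly random integer is written in base N, where N is the size of a list of unique words, so each word carries log2(N) bits. The 16-word list below is constructed for the demonstration; with a 4096-word list, as on the page, each word is exactly 12 bits and an 84-bit number becomes seven words.

```python
import math
import secrets

# Constructed 16-word list for this demonstration; the page's own list is 4096
# words of five letters or less from the British National Corpus, which gives
# exactly 12 bits per word. Any list of unique words works the same way.
WORDLIST = [
    "hits", "towel", "bloke", "gala", "blah", "jimmy", "barry", "apple",
    "bread", "chair", "dance", "eagle", "flame", "grape", "house", "ivory",
]


def check_wordlist(words):
    """Entropy accounting is only valid if every word is distinct."""
    if not words:
        raise ValueError("empty word list")
    if len(set(words)) != len(words):
        raise ValueError("duplicate words reduce the real entropy")


def bits_per_word(words):
    """log2 of the list size: 16 words -> 4 bits, 4096 words -> 12 bits."""
    check_wordlist(words)
    return math.log2(len(words))


def words_needed(words, target_bits):
    """Smallest number of words whose combined entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_word(words))


def encode(n, words, count):
    """Write the integer n in base len(words) as exactly `count` words,
    most significant word first. Rejects an n that does not fit."""
    check_wordlist(words)
    radix = len(words)
    digits = []
    for _ in range(count):
        n, r = divmod(n, radix)
        digits.append(words[r])
    if n:
        raise ValueError("number needs more than %d words" % count)
    digits.reverse()
    return digits


def decode(phrase, words):
    """Inverse of encode: recover the integer from the word sequence."""
    check_wordlist(words)
    index = {w: i for i, w in enumerate(words)}
    n = 0
    for w in phrase:
        n = n * len(words) + index[w]
    return n


def generate(words, target_bits):
    """Draw a uniformly random integer from the OS CSPRNG (secrets) and spell
    it out as words. Returns (phrase, integer, bits actually delivered)."""
    count = words_needed(words, target_bits)
    n = secrets.randbelow(len(words) ** count)
    return encode(n, words, count), n, count * bits_per_word(words)


if __name__ == "__main__":
    phrase, n, bits = generate(WORDLIST, 84)
    print("%d-bit number %d -> %s" % (bits, n, " ".join(phrase)))
    assert decode(phrase, WORDLIST) == n
```

The entropy claim holds only because the integer is drawn with `secrets.randbelow` over the whole space and the list has no duplicates; `check_wordlist` is there to catch the second failure, which silently lowers the real entropy below the advertised count.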


Wouldn't a generator like this significantly increase risk of succumbing to dictionary attacks? I probably just don't understand part of what it's doing, but I'm curious.
It depends on what your baseline is. With knowledge of the generation algorithm, a dictionary attack on a password generated that way will definitely succeed, but on average it will take 2⁸³ tries (twice that at worst). At a billion tries per second this is 300 million years, almost long enough for the Sun to engulf the Earth if your attacker devotes only a single CPU to the task. There are commonly used password hashing algorithms that can only do a few hundred tries per second per CPU, which pushes the average success time to a quadrillion years, fifty thousand times the current age of the universe.

By contrast, trying every phrase of 20 words or less in every book that has ever been published would only take something like 129 million × 19 × 500,000 = 1.225 quadrillion tries. At a billion tries a second, that's only two weeks. (And if the password hash is inadequately salted, the attacker can use a rainbow table and put in that effort ahead of time and distribute it across all the victims.)

An attacker with more resources might devote a million CPUs to the problem, which would cut the time to success from 300 million years down to only 300 years (assuming a billion tries a second). In the next few decades it will become practical to devote much larger amounts of computation to problems like this, so such an attack might succeed, but currently it is beyond the capabilities of all but a few adversaries. And, as I understand it, Grover's algorithm will enable a large enough quantum computer to solve your password in only 2⁴² tries, which is only about four trillion tries, under an hour at the billion-tries-per-second speed I suggested above. I'm not sure, but I think it would need to prevent qubit decoherence for that period of time.

You can get equivalent security with a shorter password that looks like random gibberish, such as b7fc d750 9a52 ad6a e48c a, eedgckeimbjdefhcjclmghh, mgujdlrgdfmadtlidu, 1qvrx21zego0scvyi, 17uUPBKnfX7fSNY, >4h)&crV,+E{O, or 宜潨阰揫難侌, but those are a lot harder to memorize. They're shorter to type, though, and they're less vulnerable to side-channel attacks.

Looking random isn't good enough, though. They need to actually be random.

In short, oodles of noodles is a better chew than fewer, stranger noodles in your alphabet soup.
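The cost estimates in the reply above, as an added worked example (not the commenter's own code): expected guesses against a uniformly random secret are half the key space, and the time follows from the guess rate per CPU and the number of CPUs. The rates, the book-corpus figures and the square-root Grover estimate are constructed to follow the comment's own numbers and are first-order approximations for sizing entropy, nothing more.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed rates following the comment's figures.
TRIES_PER_SECOND_FAST = 1e9   # fast, unsalted hash on one CPU
TRIES_PER_SECOND_SLOW = 300   # "a few hundred" for a deliberately slow password hash


def expected_tries(bits):
    """Average guesses to find a uniformly random bits-bit secret: half the space."""
    return 2 ** (bits - 1)


def worst_case_tries(bits):
    """Exhausting the whole space."""
    return 2 ** bits


def grover_tries(bits):
    """Quantum search needs on the order of sqrt(2^bits) queries (2^42 for 84 bits)."""
    return 2 ** (bits // 2)


def seconds_to_crack(tries, rate_per_cpu, cpus=1):
    return tries / (rate_per_cpu * cpus)


def years_to_crack(tries, rate_per_cpu, cpus=1):
    return seconds_to_crack(tries, rate_per_cpu, cpus) / SECONDS_PER_YEAR


def published_phrase_tries(books=129e6, max_words=20, words_per_book=5e5):
    """Size of the 'every phrase of up to max_words words in every published
    book' dictionary, counted as in the comment: books x phrase lengths
    (2..max_words, i.e. max_words - 1 of them) x starting positions."""
    return books * (max_words - 1) * words_per_book


def report(bits=84):
    """Return the comment's headline figures for a bits-bit random password."""
    avg = expected_tries(bits)
    return {
        "years_fast_hash_1_cpu": years_to_crack(avg, TRIES_PER_SECOND_FAST),
        "years_fast_hash_1e6_cpus": years_to_crack(avg, TRIES_PER_SECOND_FAST, 1e6),
        "years_slow_hash_1_cpu": years_to_crack(avg, TRIES_PER_SECOND_SLOW),
        "days_published_phrases": seconds_to_crack(
            published_phrase_tries(), TRIES_PER_SECOND_FAST) / 86400,
        "seconds_grover_fast": seconds_to_crack(grover_tries(bits), TRIES_PER_SECOND_FAST),
    }


if __name__ == "__main__":
    for k, v in report().items():
        print("%-28s %.3g" % (k, v))
```

The comparison worth taking away is the ratio between the random-password rows and the published-phrases row: the second dictionary is enormous by human standards yet finishes in days at the same guess rate, which is why a phrase that merely looks like language is not a substitute for one drawn uniformly from a known space.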

Is this your password?!

Nice try :-)