by blueblob
4442 days ago
I have always had a problem with this xkcd because most sites would disable your password after a number of bad guesses (making it not really matter that much), and additionally I don't see where 2^44 comes from. Taking the average word length selected and then computing the entropy using the average word length 4 times? Why not use the number of potential dictionary words and raise that to the 4th?

    echo "l($(wc -l /usr/share/dict/american-english|cut -d' ' -f1)^4)/l(2)"|bc -l
    67.44701327930010565796

So we get a better power of 2 and a more accurate estimate. Granted one could filter the word list down to words that people actually know (which exceptional people normally know about 75,000 but most people know only 50,000[1]).

    echo "l(75000^4)/l(2)"|bc -l
    64.77841190063187168389

    echo "l(50000^4)/l(2)"|bc -l
    62.43856189774724695805

So I guess it's still better but it seems like a pretty big oversimplification to assume a length of word (especially a uniform one) and it shouldn't be that much harder to calculate the actual value. Maybe I did something wrong, I don't know.

[1] http://news.bbc.co.uk/2/hi/uk_news/magazine/8013859.stm
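
An added example, not part of blueblob's comment: the same calculation as shell functions, with the word list normalised first so that capitalised duplicates and possessive forms are not counted the way a raw `wc -l` counts them. It assumes each word is picked uniformly and independently; the function names and the sample list are constructed for illustration. The 44-bit figure corresponds to four words from a 2048-word list (11 bits per word).

```shell
#!/usr/bin/env bash
# Added example: entropy of a k-word passphrase drawn uniformly at random
# from a word list. All function names here are hypothetical.

# Number of distinct words a guesser would have to enumerate: lowercase the
# list, keep purely alphabetic entries (drops forms like "apple's"), dedupe.
usable_words() {   # usable_words FILE
    LC_ALL=C tr '[:upper:]' '[:lower:]' < "$1" \
        | LC_ALL=C grep -E '^[a-z]+$' | sort -u | wc -l | tr -d ' '
}

# bits = k * log2(n) for k independent uniform picks from n words.
entropy_bits() {   # entropy_bits N K
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%.2f\n", k * log(n) / log(2) }'
}

# Years needed to try every candidate at a fixed guess rate (365.25-day
# years). A lockout or rate limit lowers RATE; it does not change the bits.
exhaust_years() {  # exhaust_years BITS GUESSES_PER_SECOND
    awk -v b="$1" -v r="$2" 'BEGIN { printf "%.1f\n", 2^b / r / 31557600 }'
}

# Constructed sample list: 6 lines, but only 3 distinct usable words.
sample=$(mktemp)
printf '%s\n' Apple apple "apple's" banana cherry cherry > "$sample"
echo "raw lines: $(wc -l < "$sample" | tr -d ' ')," \
     "usable words: $(usable_words "$sample")"
rm -f "$sample"

for n in 2048 50000 75000; do
    bits=$(entropy_bits "$n" 4)
    echo "4 words from $n: $bits bits," \
         "$(exhaust_years "$bits" 1000) years at 1000 guesses/s"
done

# Against a real list, if one is installed at the path used in the comment:
dict=/usr/share/dict/american-english
if [ -r "$dict" ]; then
    n=$(usable_words "$dict")
    echo "$dict: $n usable words, $(entropy_bits "$n" 4) bits for 4 words"
fi
```

The entropy figure only holds when the words are chosen by a random process; a phrase a person makes up from words they know is drawn from a much smaller and non-uniform space.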