From: unruh on
On 2010-03-02, Phoenix <ribeiroalvo(a)gmail.com> wrote:
> On 1 Mar, 14:35, Ertugrul Söylemez <e...(a)ertes.de> wrote:
>
>> Yes, and also note that increasing the length of a password has much
>> greater effect than increasing the size of the alphabet.
>
> No.
>
> In exhaustive search, increasing the length of a password has the same
> effect as increasing the size of the alphabet.

ln(N)=L*ln(A)
where A is the alphabet, and L is the length of the password. I.e., L has
a far bigger effect on the number of passwords than does a similar
increase in password.
>
> See:
> For example:
>
> 64^8 is the same as 256^6

So increasing the password length by 30% is the same as increasing the
alphabet by a factor of 4 (400%)


>
> A 64-letter alphabet and pw_length=8 is the same as a 256-letter
> alphabet and pw_length=6
>
> 64^8=2^(6*8)
> 256^6=2^(8*6)
>
> Paulo Marques, thanks for your great posts.
From: Phoenix on
On 2 Mar, 01:07, unruh <un...(a)wormhole.physics.ubc.ca> wrote:

> ln(N)=L*ln(A)
> where A is the alphabet, and L is the length of the password. I.e., L has
> a far bigger effect on the number of passwords than does a similar
> increase in password.
> So increasing the password length by 30% is the same as increasing the
> alphabet by a factor of 4 (400%)
>
>

unruh, imagine that we have two alphabets:

A1 with n characters
A2 with 2n characters

and

Length_pw1=Length_pw2

It's easy to see that it costs more to find pw2 than pw1.
At the end, what matters is the result of 2^(A*L).

That's why, if we talk in bits, we need more than if we talk about
Bytes or Hexa.
Binary has A=2 and Bytes have A=8 and Hexa has A=16.

The importance of a bigger alphabet is the need for a smaller length_pw,
for the same safety and, consequently, easier for humans to memorize.
I think you agree with me that it is easier to memorize, i.e., 2 letters
in a 256 alphabet than, i.e., 16 letters in a 32 alphabet.
From: J.D. on
> It's easy to see that it costs more to find pw2 than pw1.
> At the end, what matters is the result of 2^(A*L).

Uh, don't you mean A^L? Or perhaps 2^(log2(A)*L)?

From: unruh on
On 2010-03-02, Phoenix <ribeiroalvo(a)gmail.com> wrote:
> On 2 Mar, 01:07, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
>
>> ln(N)=L*ln(A)
>> where A is the alphabet, and L is the length of the password. I.e., L has
>> a far bigger effect on the number of passwords than does a similar
>> increase in password.
>> So increasing the password length by 30% is the same as increasing the
>> alphabet by a factor of 4 (400%)
>>
>>
>
> unruh, imagine that we have two alphabets:
>
> A1 with n characters
> A2 with 2n characters
>
> and
>
> Length_pw1=Length_pw2
>
> It's easy to see that it costs more to find pw2 than pw1.
> At the end, what matters is the result of 2^(A*L).

??? What is A? The answer is 2^(ln_2(n)*L) or n^L

>
> That's why, if we talk in bits, we need more than if we talk about
> Bytes or Hexa.
> Binary has A=2 and Bytes have A=8 and Hexa has A=16.
>
> The importance of a bigger alphabet is the need for a smaller length_pw,
> for the same safety and, consequently, easier for humans to memorize.
> I think you agree with me that it is easier to memorize, i.e., 2 letters
> in a 256 alphabet than, i.e., 16 letters in a 32 alphabet.

Is it easier to memorize a hex number than a decimal? Not if you are
used to decimal numbers. The "most efficient" alphabet has about 3
characters (least stuff to memorize), if I remember correctly.
A bigger alphabet costs far more to memorize the alphabet than you gain
from fewer characters in the word.
That is because of the ln(n) in the above.



From: Phoenix on
On 2 Mar, 12:38, Ertugrul Söylemez <e...(a)ertes.de> wrote:

> Note that you don't memorize alphabets, but passwords.  Shorter
> passwords in exchange for larger alphabets are generally easier to
> memorize, that's why we use dictionary-based passwords like Diceware.
>
> The tradeoff is:  If we want to decrease the length needed, we must make
> our alphabets rather huge.  Just adding more ASCII characters won't be
> enough.  Instead our alphabet must become a dictionary.


Completely agree.
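
Added example, not part of any post in this thread: a short Python sketch of the length-versus-alphabet tradeoff the posters are debating, using N = A^L and ln(N) = L*ln(A) from the messages above. All function names are hypothetical; the Diceware list size of 7776 words and the 48-bit target (matching 64^8 = 256^6) are assumptions made for this example.

```python
import math

# Alphabet sizes 2, 16, 64 and 256 appear in the thread; 7776 is the size of
# the standard Diceware word list (6**5), added here for the dictionary case.
ALPHABETS = {"binary": 2, "hex": 16, "64 symbols": 64, "256 symbols": 256,
             "Diceware words": 7776}

def search_space(alphabet_size, length):
    """Exact number of candidates N = A**L an exhaustive search must cover."""
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """log2(N) = L * log2(A): linear in L, only logarithmic in A."""
    return length * math.log2(alphabet_size)

def min_length(alphabet_size, target_bits):
    """Smallest L with A**L >= 2**target_bits (exact integer arithmetic)."""
    target, space, length = 1 << target_bits, 1, 0
    while space < target:
        space *= alphabet_size
        length += 1
    return length

def equivalent_alphabet(alphabet_size, old_len, new_len):
    """Alphabet size that gives, at old_len, the same N as A at new_len."""
    return alphabet_size ** (new_len / old_len)

def tradeoff_table(target_bits):
    """Length each alphabet needs to reach the target search space."""
    return {name: min_length(a, target_bits) for name, a in ALPHABETS.items()}

if __name__ == "__main__":
    print(search_space(64, 8) == search_space(256, 6))   # the thread's example
    print(equivalent_alphabet(64, 6, 8))                  # length 6 -> 8 at A=64
    for name, length in tradeoff_table(48).items():
        print(f"{name:>15}: {length} symbols for >= 48 bits")
```

The table shows why a dictionary-sized alphabet is needed to shorten a password noticeably: going from 64 to 256 symbols saves only two positions, while a 7776-word list halves the count again.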