

Title text: To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize.

This comic says that a password such as "Tr0ub4dor&3" is bad because it is easy for password cracking software and hard for humans to remember, leading to insecure practices like writing the password down on a post-it attached to the monitor. On the other hand, a password such as "correct horse battery staple" is hard for computers to guess due to having more entropy but quite easy for humans to remember.

Entropy is a measure of "uncertainty" in an outcome. In this context, it can be thought of as a value representing how unpredictable the next character of a password is. It is calculated as log2(a^b) where a is the number of allowed symbols and b is the password's length.

A truly random string of length 11 (not like "Tr0ub4dor&3", but more like "J4I/tyJ&Acy") has log2(94^11) = 72.1 bits, with 94 being the total number of letters, numbers, and symbols one can choose. However, the comic shows that "Tr0ub4dor&3" has only 28 bits of entropy. This is because the password follows a simple pattern of a dictionary word + a couple extra numbers or symbols, hence the entropy calculation is more appropriately expressed with log2(65000*94*94), with 65000 representing a rough estimate of all dictionary words people are likely to choose.

Another way of selecting a password is to have 2048 "symbols" (common words) and select only 4 of those symbols. Using such symbols was again visited in one of the tips in 1820: Security Advice. (For related info, see ).

Even if the individual characters are all limited to, the exponent implied in "we added another lowercase character, so multiply by 26 again" tends to dominate the results. It is absolutely true that people make passwords hard to remember because they think they are "safer". It is also certainly true that length, all other things being equal, tends to make for very strong passwords, and this can be confirmed by using 's password strength checker.
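The gap between the per-character formula and the pattern-based figure can be checked directly. The sketch below is an added example, not part of the original page: it computes entropy from the generation recipe rather than from the finished string. The function names and the placeholder word list are assumptions made for illustration.

```python
import math
import secrets
import string

# The 94 printable symbols the page counts: letters, digits and punctuation.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def naive_bits(password):
    """log2(a^b): a = size of the character classes used, b = length.

    Only valid if every character was drawn uniformly at random.
    """
    a = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(a) if a else 0.0


def model_bits(stage_sizes):
    """Entropy of a generation recipe made of independent uniform choices.

    stage_sizes lists how many equally likely options each choice had.
    """
    return sum(math.log2(n) for n in stage_sizes)


def passphrase(words, k=4):
    """Draw k words uniformly with a CSPRNG; entropy is k * log2(len(words))."""
    return " ".join(secrets.choice(words) for _ in range(k))


# Constructed stand-in for a 2048-entry list of common words.
WORDS = [f"word{i:04d}" for i in range(2048)]

if __name__ == "__main__":
    # Character-class view of the page's example password.
    print(f"naive    {naive_bits('Tr0ub4dor&3'):.1f} bits")
    # Pattern view from the page: dictionary word + two extra symbols.
    print(f"pattern  {model_bits([65000, 94, 94]):.1f} bits")
    # Four words out of 2048.
    print(f"4 words  {model_bits([2048] * 4):.1f} bits")
    print(passphrase(WORDS))
```

A strength meter that only inspects character classes reports the first figure; an attacker who knows the recipe faces the second.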
