this post was submitted on 17 Jul 2023
271 points (100.0% liked)
Programmer Humor
854 readers
6 users here now
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
- Posts must be relevant to programming, programmers, or computer science.
- No NSFW content.
- Jokes must be in good taste. No hate speech, bigotry, etc.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The idea is that entropy is measured with possible words instead of possible characters. It turns out 7 7-bit ascii characters have less entropy than 4 14-bit equivalent words (that is, the 16,384 most common ones). And that's in the ideal case it's a totally random 7 characters.
Every attack is technically a dictionary attack here, but it doesn't help enough because the password to a computer is still 30 characters long. To a human it seems a lot easier than ")f1:.{yJCzNv]@R=S K$~=", though.
PS. Turning /dev/random output into 7-bit ascii characters is surprisingly involved in Haskell. C would have been easier. This was the world's slowest ninja edit.
Schneier disagrees.
Thanks for the explanation, I remember the explanation in https://xkcd.com/936/ but wasn't sure how that held up for different attack methods.