Re: Noob dumb question (extending emacs)

From: Emanuel Berg
Subject: Re: Noob dumb question (extending emacs)
Date: Fri, 22 Oct 2021 21:26:02 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

Jean Louis wrote:

> Out of 4540 passwords maintained in my computer and demands
> by websites, I can conclude that passwords shall:
> - be very random, not similar to any dictionary words

Right, since a brute force attack would (1) iterate such
existing dictionaries and those are a small subset of all
possible passwords, yet if allowed, people would still use
them, and more often so than any (to a human) meaningless
combination of chars, so not only would it (2) decrease the
search space, it would (3) increase the likelihood of a hit in
that already diminished space ...

That is, it will be easier to carry out a brute force attack
(point 1), and the likelihood of success will increase (points
2 and 3).

Technically the search space wouldn't be decreased, on the
contrary by disallowing such words, THAT will decrease it, but
because of human behavior ... it's a decrease that will be
an increase!

> - have mixture of upper and lower letters;
> - include some numbers;
> - include special symbols like & or %

Well, this will increase the search space size. But just
because it looks more cr%pt1C to a human doesn't mean it is
necessarily more difficult for a computer since it will just
iterate all possible chars ... However the bigger the space ->
the more attempts -> the more computing power and/or time will
be necessary.

The search space size is easy enough to calculate, if the
allowed alphabet (chars) are A = {a ... o} and the min
password length is n and the max is m (so n <= m), then the
number of combinations, i.e. the search space size, would be
... |A|**n + ... + |A|**i + ... + |A|**m for all integers
i that are n < i < m (and including the endpoints n and m,
this can be put in math using the big sigma, for summation,
and below it, initialization, here i = n, above it, where the
loop stops if you will, here m, yes inclusive).

The math behind it is called combinatorics and is a branch of
math that is very easy to a programmer's mind I'd say :) (I
hope I won't regret having said that :P)

Now, if one doesn't rely on passwords at all, the brute force
attack guess it won't ever succeed ...

underground experts united
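
Added example (not part of the original message): the search space sum described above, |A|**n + ... + |A|**m, computed for a few constructed password policies and cross-checked against the geometric-series closed form. It goes slightly beyond the message by comparing a larger alphabet against a longer length range; the policies, the word-list size and the guess rate are assumptions chosen for illustration.

```python
import math
import string

def search_space(alphabet_size: int, n: int, m: int) -> int:
    """|A|**n + ... + |A|**m, endpoints included (the sum from the message)."""
    if alphabet_size < 1 or not 0 <= n <= m:
        raise ValueError("need alphabet_size >= 1 and 0 <= n <= m")
    return sum(alphabet_size ** i for i in range(n, m + 1))

def search_space_closed(alphabet_size: int, n: int, m: int) -> int:
    """Same sum as a geometric series; exact because Python ints are unbounded."""
    a = alphabet_size
    if a == 1:
        return m - n + 1
    return (a ** (m + 1) - a ** n) // (a - 1)

def years_to_exhaust(count: int, guesses_per_second: int) -> float:
    """Time to try every candidate once at a fixed guess rate."""
    return count / guesses_per_second / (365.25 * 24 * 3600)

# Constructed policies: (alphabet size, min length n, max length m).
FULL = len(string.ascii_letters + string.digits + string.punctuation)  # 94
POLICIES = {
    "a..o only, 8-12": (15, 8, 12),
    "lowercase, 8-12": (26, 8, 12),
    "mixed case + digits + symbols, 8-12": (FULL, 8, 12),
    "lowercase, 16-20": (26, 16, 20),
}
DICTIONARY_WORDS = 500_000   # assumed word-list size
GUESS_RATE = 10 ** 10        # assumed offline guesses per second

def report() -> dict:
    """Per policy: size, bits, years to exhaust, share covered by the word list."""
    rows = {}
    for name, (a, n, m) in POLICIES.items():
        size = search_space(a, n, m)
        assert size == search_space_closed(a, n, m)
        rows[name] = {
            "size": size,
            "bits": math.log2(size),
            "years": years_to_exhaust(size, GUESS_RATE),
            "dictionary_share": min(1.0, DICTIONARY_WORDS / size),
        }
    return rows

if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name:38} {row['bits']:6.1f} bits  {row['years']:.3g} years  "
              f"dictionary share {row['dictionary_share']:.2e}")
```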
