Dup Ver Goto

PasswordStrength

pt2/security 07-31 13:46:46
14 lines, 149 words, 884 chars Monday 2023-07-31 13:46:46

Length vs Breadth

Suppose we start with a password that is four random words chosen from a dictionary of 1000. (Inspired, of course, by the famous xkcd). The question is:

We can increase password strength by either adding a fifth word from the same dictionary, or by continuing to use four words, but from a larger dictionary. By how much must we increase the dictionary size by to get the same effect as adding another word?

The maths is quite simple. The number of possible 5-word passwords is \(1000^5\), and so we need to solve \(x^4=10^5\), that is \[x=10^{5/4}\simeq 5623\] So we need to massively increase our dictionary size. This is why requiring symbols in passwords is silly compared to simply requiring that the password is longer. Furthermore, like the xkcd says, a sequence of random words is easier to remember and harder to crack.