Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I did state so. You're still thinking in terms of brute force attacks but actually dictionary attacks are more common as they rattle off the 'low hanging fruit' much quicker. The danger of using common words like Randall did is that they might be in the dictionary so get cracked even before the attacker attempts to brute force the remainder of the passwords from a stolen database. In fact around half of the passwords people pick are vulnerable to such attacks (i'm on my phone though so can't easily cite a reference (I'm out of town this weekend) but it averages at either 40% or 60% of passwords use "guessable" / common terms)

If Randall has thrown in some punctuation and numbers then he's reducing the odds of that password being cracked. But as the example stood, it's advertising complacency against the most common method of modern password cracking.



> "The danger ... is that they might be in the dictionary"

Randal's entropy calculation clearly assumes a dictionary of about 2048 words, where the attacker has perfect knowledge of the dictionary at her disposal.

Randal's entropy calculation is correct, and the point of the cartoon is that 44 bits of entropy is much stronger than the passwords most people create using common password advice.

Personally, I think 44 bits is way too little entropy for a password, but I would be happy if my grandmother started using 44-bit passwords.


I got the point of the cartoon and I never argued that Randalls figures were wrong. I just think it's bad advice to give none technical people to say common words are secure because there's a risk that they won't use a sufficiently long (read: number of words) password.

At the end of the day, the whole password model is broken, and Randall summed that part up succinctly.


Um, no.

It is absolutely the case that dictionary attacks are better than per-character brute force against the passwords Randal suggests, but he's not calculating entropy based on per-character brute force. He's calculating entropy based on per word brute force, and if the words are in fact chosen randomly that's the best you can do. Any dictionary attack against XKCD-style passwords are a brute-force attack in word-space.

"Throw[ing] in some punctuation" does comparatively little.


I never said Randall calculated the entropy per character (please don't create arguments I didn't raise) and the reason I said adding punctuation might help is because it reduces the odds of the word being in the dictionary (if you're using terms not in a dictionary, then that dictionary attack will fail. Period). However even with adding punctuation theres still a chance the term is common enough to be included in a dictionary, so completely random passwords, while harder to remember, will be more secure.

I cited a link in another fork of this comment where a pen tester comments about the words included in modern dictionary attacks.


> I never said Randall calculated the entropy per character[.]

You said:

> You're still thinking in terms of brute force attacks but actually dictionary attacks are more common as they rattle off the 'low hanging fruit' much quicker.

But the entropy calculations assume the attacker has the word-list. There is no low-hanging fruit, here. Strings generated by the algorithm are lowest-hanging, but they're all at the same height, and that's the number of bits calculated. The only attack is a brute force attack against word sequences.

It is obviously true that anything that's not going to be checked is going to be stronger than anything that is, but the correct assumption is that your key generation algorithm is public, and building something to attack Randall's algorithm plus punctuation is not significantly harder than building something to attack Randall's algorithm as specified (a few extra bits, to be sure, but adding another word or increasing the list you're drawing from will be more effective).

Incidentally, producing a literal dictionary is likely to be way slower than drawing words from the dictionary directly, since 1000 words will fit in memory and maybe even cache, while a trillion phrases is going to barely fit on disk.

> [C]ompletely random passwords, while harder to remember, will be more secure.

This is certainly the case, for a given password length. But the important point the comic is making is that we shouldn't be worried about conserving password length but about conserving memorability (and perhaps ease of typing), and for a given memorability the phrase is likely to be more secure.


You're really not getting my point. You don't store a trillion phrases nor a literal dictionary. You store a table of commonly used words and build phrases from that. And it does pick off low hanging fruit. Often as many as 60% of passwords from an average dataset in fact. I suggest you have a read of http://arstechnica.com/security/2012/08/passwords-under-assa... as it puts its better than I every will when on a phone and nursing a hangover. :-)


You're REALLY not getting my point. THE COMIC ASSUMES THE ATTACKER IS BUILDING ATTEMPTS FROM THE SOURCE DICTIONARY. Using a dictionary (which is any list, however generated/stored) computed in any other way will perform (on average) SUBSTANTIALLY WORSE than using the dictionary THAT THE COMIC ASSUMES IN ITS CALCULATIONS.

The fact that passwords chosen in other ways are typically horribly vulnerable is MORE REASON TO USE THIS METHOD, not less!


Calm the hell down mate.

The facts are this:

1. Dictionary attacks are generally used before brute force attacks

2. Random passwords can't be cracked via dictionary attacks

This is why I will always prefer random passwords. However I was never disputing that passphrases aren't secure either (in fact I actually said they are), just that I've seen people misinterprete that comic to mean that grouping a couple of obvious words together is more secure than random chars. My point was to illustrate how much more complicated password security is. And this argument where you've gone round in circles trying to argue your silly points actually emphasises that. (And I say 'silly' because half the time you're kicking off over comments that you've misunderstood / misinterpreted).


FACEPALM

Added later:

Yes, dictionary attacks are more common. A dictionary attack is what converts this type of password from lg(27 ^ number of chars) bits, down to lg(wordlist size ^ number of words) bits. There's no way dictionary attacks can be used more effectively than that. Which is to say, the comic itself takes dictionary attacks into account and this kind of password (uniform distribution over words) cannot be cracked by a dictionary attack any easier than a "random" password (uniform distribution over strings) with the same amount of entropy, while being far, far more memorable.


We're going round in circles here because you keep pushing the same argument that was never even disputed and not listening to anything I've had to say on the matter. So I think it's you who deserve the facepalm.


All the words he is using are in your dictionary but you don't have all the combinations of all the words in your dictionary. If you have "Apple", "Baker", and "Charlie" in your dictionary, it doesn't help with "Apple Baker" or "Apple Charlie".


This misses the point. The comic assumes a dictionary attack - that is to say, not brute-forcing character-by-character but rather word-by-word, whether this is constructed in advance in a static dictionary (possible, for 4 words from 1000; less possible for larger) or generated in a stream (likely more efficient regardless). Cryptographically, it's a dictionary attack - you're confining your search space based on guesses (in this case, we're assuming entirely accurate guesses) about the shape of the password. The point is that in the face of this, it's still more secure than the "variations on a single word" type of password, and can be easily made sufficiently secure for high security tasks (8 words => ~80 bits, and longer lists make it easier still) while remaining comparably memorable.


A dictionary attack uses a pre-built dictionary of (words OR phrases).

A brute force attack takes an input of (characters OR words) and creates a (word OR passphrase) to test.

It doesn't help that you've made this mistake several times in this thread.

Imagine a 4 word diceware phrase.

One attacker has the diceware list of words. The attacker knows we have a 4 word phrase, and so starts kludging different 4 word combinations of the diceware phrase.

This is a bruteforce attack. It is not a dictionary attack.


It's a brute-force attack in word space; it's a dictionary attack in character space - you are picking guesses expected to be more likely.


It is a brute force attack in any space.

Please supply any citation for the use of 'dictionary attack' where the attacker takes a list of words and creates pass phrases from those words.

I don't know why you think otherwise.

> you are picking guesses expected to be more likely.

That's not what defines a dictionary or brute force attack.


No, it is most emphatically not a brute force attack in character space. A brute force attack (as I am sure you know) is exhaustively checking every combination; running through all combinations of characters is a way, way, way bigger search space. Restraining ourselves to looking at word combinations makes the search much more practical (just how practical depends on how much entropy is left).

Anyway, wikipedia says:

"In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying likely possibilities, such as words in a dictionary."

What matters is not how the possibilities are stored/generated, but that you have a pool of possibilities that are substantially more likely, that you can guess first. But if you want to argue some technicality, fine. I don't care so much about the particular labels - what is clear is that, if someone generates their password correctly following the directions in the comic, updated appropriately, a dictionary attack of any form is not effective in reducing the search space below ((word list size)^(words in phrase)), which can be fairly secure.


You don't need the word combinations. Dictionary attackswwill do that part for you (a bit like a brute force, but by cycling words instead of characters)




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: