The lesser of these would be the strength of our password, at least that is my assumption as a layman. But if we also take advantage of Bitwarden's additional built-in strengthening options (add a number, use a symbol as a word separator, capitalization), how does this add to or affect overall password strength / entropy? Its only purpose would seem to be to satisfy antiquated password rules. I'm sure adding spaces or special characters as spacers, a number or two and a capital letter or two would add entropy, but I've no idea how to calculate how much.

Entropy increases by making random choices. It increases by 1 bit each time that you base a decision on a coin flip, it increases by log₂ 6 = 2.6 bits each time that you base a decision on a dice roll (with a 6-sided die), and it increases by log₂ N bits for any decision made using a hypothetical N-sided die. Thus, if you start with a 6-word passphrase (each word being selected based on rolling five 6-sided dice, for 6^5 = 7776 possibilities), your base entropy will be 6 × 5 × 2.6 bits = 78 bits. Adding a single word increases the possibilities by 7776, or almost 13 bits of entropy. It also follows that the choices you make around these details are insignificant compared to the number of words in the passphrase.

You can see I subscribe to Kerckhoffs's principle, where you should assume an attacker knows you used the Bitwarden password generator. How about capitalization? You either do or you don't, so that is a factor of two, which is one bit of entropy. If you were using 1Password's generator, where only one of your words is capitalized, it would add a very modest log(L) to your score. That means you have ten possibilities (0 through 9) and five places to put that digit: before each word or after the end. That increases the combinatorics by a factor of 50, or somewhat less than six bits of entropy. And for the sake of discussion let's assume there are 16 different word separators.

With the 1Password app giving you 1 of 16 digits and symbols between each word, then it's the usual math:

Again, Bitwarden's generator capitalization is entirely deterministic, so I wouldn't assign it any entropy at all. The main purpose of a separator is not to add additional entropy, but to make guesses of one word in the dictionary only valid for one word at a time. If this symbol is repeated, I would assign it no additional entropy, because it is just a method. Add log(10*L), since for every guess you now need to append 1 of 10 digits to each of L words to exhaust. If you varied the position of this digit (Bitwarden generator does not), this would be much higher.
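The accounting argued over above (word count dominates; a coin flip adds 1 bit, a choice among N adds log₂ N; a rule the attacker is assumed to know adds nothing) can be made concrete with a generator whose random choices are exactly the ones the entropy formula counts. This is an added example and not code from the thread, Bitwarden or 1Password. The `Options` field names, the eight-word stand-in list, the 16-symbol separator set and the 10^10 guesses/second rate are all assumptions made for the example; a real 7776-word list would plug in with no change to the arithmetic.

```python
import math
import secrets
from dataclasses import dataclass

# Entropy accounting for a diceware-style passphrase with the "extras" the
# thread argues about. Constructed example, not Bitwarden's or 1Password's code.
DICT_SIZE = 7776  # five 6-sided dice: 6**5 words, as in the thread
# Hypothetical tiny word list so the generator runs offline; the entropy
# math uses DICT_SIZE, so a real 7776-word list would plug in unchanged.
WORDS = ["apple", "bridge", "cactus", "delta", "ember", "falcon", "granite", "harbor"]
SEPARATORS = list("!@#$%^&*-_=+.,:;")  # 16 symbols, the thread's assumption


@dataclass
class Options:
    """Hypothetical option names (an assumption, not either product's real settings)."""
    words: int = 6
    # "none" | "deterministic" (rule-based, e.g. always the first word)
    # | "one_random" (a randomly chosen word) | "each_random" (coin flip per word)
    capitalize: str = "none"
    # "none" | "fixed_position" (random value, always on the last word)
    # | "random_word" (random value on a randomly chosen word)
    digit: str = "none"
    # "fixed" (one constant symbol) | "one_random" (one symbol chosen once)
    # | "each_random" (independent symbol in each of the L-1 gaps)
    separator: str = "fixed"


def entropy_bits(o: Options, dict_size: int = DICT_SIZE, n_seps: int = len(SEPARATORS)) -> float:
    """Bits of entropy, counting only choices the generator makes at random.

    Anything rule-based contributes 0: by Kerckhoffs's principle the attacker
    knows the rule, so it does not multiply the guess space.
    """
    L = o.words
    bits = L * math.log2(dict_size)              # ~12.9 bits per word
    if o.capitalize == "each_random":
        bits += L                                # one coin flip per word
    elif o.capitalize == "one_random":
        bits += math.log2(L)                     # only *which* word is random
    if o.digit == "fixed_position":
        bits += math.log2(10)                    # value only
    elif o.digit == "random_word":
        bits += math.log2(10 * L)                # value and position
    if o.separator == "one_random":
        bits += math.log2(n_seps)
    elif o.separator == "each_random":
        bits += (L - 1) * math.log2(n_seps)
    return bits


def generate(o: Options, words=WORDS, seps=SEPARATORS) -> str:
    """Generator whose random choices are exactly the ones entropy_bits() counts."""
    rng = secrets.SystemRandom()                 # OS CSPRNG, never random.Random
    chosen = [rng.choice(words) for _ in range(o.words)]
    if o.capitalize == "deterministic":
        chosen[0] = chosen[0].capitalize()       # no randomness, so no entropy
    elif o.capitalize == "one_random":
        i = rng.randrange(o.words)
        chosen[i] = chosen[i].capitalize()
    elif o.capitalize == "each_random":
        chosen = [w.capitalize() if rng.randrange(2) else w for w in chosen]
    if o.digit == "fixed_position":
        chosen[-1] += str(rng.randrange(10))
    elif o.digit == "random_word":
        i = rng.randrange(o.words)
        chosen[i] += str(rng.randrange(10))
    if o.separator == "fixed":
        return "-".join(chosen)
    if o.separator == "one_random":
        return rng.choice(seps).join(chosen)
    gaps = [rng.choice(seps) for _ in range(o.words - 1)]
    return chosen[0] + "".join(s + w for s, w in zip(gaps, chosen[1:]))


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Time to try every candidate at the given rate (assumed offline attack on a fast hash)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for label, o in [
        ("6 words, no extras", Options()),
        ("7 words, no extras", Options(words=7)),
        ("6 words, deterministic capital", Options(capitalize="deterministic")),
        ("6 words, coin-flip capital per word", Options(capitalize="each_random")),
        ("6 words, digit on a random word", Options(digit="random_word")),
        ("6 words, random symbol in every gap", Options(separator="each_random")),
    ]:
        b = entropy_bits(o)
        print(f"{label:40s} {b:6.1f} bits  {years_to_exhaust(b):14.1f} years  e.g. {generate(o)}")
```

Running it shows the thread's conclusions in numbers: the seventh word adds about 12.9 bits, a deterministic capital adds 0, a coin flip per word adds 6, a digit on a random word adds log₂(60) ≈ 5.9, and only the per-gap random separator (20 bits for six words) comes close to the value of a single extra word. The important check is that `generate()` and `entropy_bits()` agree: any option that the generator implements as a fixed rule must be scored as 0 bits, or the strength estimate lies.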