Passphrase/word Strength Issue
 
Password and passphrase strength is easily misunderstood. It is expressed as an entropy figure, either in bits (binary) or dits (decimal). The following example illustrates the difficulty.
 
The passphrase countpossiblepasswords seems very strong, given an average recovery time of millions of centuries when recovery relies on character-based brute-force methods. According to Diceware, though, its strength is only ~39 bits, which equals a SimThrow average recovery time estimate of only 0.6 sec!
 
This conditional validity of strength numbers is recognized by the many people who say that a password should therefore not contain dictionary words. Yet those words are the basis of Diceware passphrases, and these can be very strong indeed.
 
In conclusion, strength is not an attribute of the password alone, as it is often presented. The required strength number depends on the phrase, the intended hash method, the recovery method (character-based, dictionary, smart, etc.), the hardware recovery capacity and its dictionary. SimThrow therefore provides strength numbers and estimates for a number of cases.
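The two strength figures quoted above can be reproduced with a short estimator. This is an added example, not SimThrow's code: the mini word list, the function names and the guess rate of 1e12 per second are assumptions chosen for illustration, so the recovery times differ from SimThrow's estimates.

```python
import math

DICEWARE_LIST_SIZE = 7776  # words in a standard Diceware list (6^5)
# Constructed mini word list standing in for a real dictionary (assumption).
SAMPLE_WORDS = {"count", "possible", "passwords", "pass", "words", "word", "able"}

def charset_size(phrase):
    """Alphabet size a character-based brute force has to cover."""
    size = 0
    if any(c.islower() for c in phrase):
        size += 26
    if any(c.isupper() for c in phrase):
        size += 26
    if any(c.isdigit() for c in phrase):
        size += 10
    if any(not c.isalnum() for c in phrase):
        size += 33  # printable ASCII symbols, space included
    return size

def min_word_split(phrase, words):
    """Fewest dictionary words that concatenate to phrase, or None."""
    best = [0] + [None] * len(phrase)  # best[i]: fewest words covering phrase[:i]
    for end in range(1, len(phrase) + 1):
        for start in range(end):
            if best[start] is not None and phrase[start:end] in words:
                candidate = best[start] + 1
                if best[end] is None or candidate < best[end]:
                    best[end] = candidate
    return best[-1]

def strength(phrase, words=SAMPLE_WORDS, guesses_per_sec=1e12):
    """Entropy and average recovery time per recovery method.

    guesses_per_sec is an assumed hardware capacity, not a measured one.
    """
    models = {"character": len(phrase) * math.log2(charset_size(phrase))}
    n_words = min_word_split(phrase, words)
    if n_words is not None:  # a dictionary attack applies only if the phrase splits
        models["dictionary"] = n_words * math.log2(DICEWARE_LIST_SIZE)
    return {
        name: {
            "bits": bits,
            "dits": bits * math.log10(2),
            # On average half of the search space is tried before a hit.
            "avg_seconds": 2 ** bits / 2 / guesses_per_sec,
        }
        for name, bits in models.items()
    }

if __name__ == "__main__":
    for method, result in strength("countpossiblepasswords").items():
        print(method, {k: f"{v:.3g}" for k, v in result.items()})
```
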
 
SimThrow passphrase generator & tester download
 

 
 


ITURA B.V.