Passphrase/Password Strength Issue
Password and passphrase strength is easily misunderstood. It is expressed in entropy numbers, either in bits (binary) or dits (decimal). The following example explains the difficulty.
The passphrase countpossiblepasswords seems very strong, given an average recovery time of millions of centuries if recovery is based on character-based brute force methods. According to Diceware, though, the strength is only ~39 bits, which equals a SimThrow average recovery time estimate of only 0.6 sec!
This dependency of the validity of strength numbers is recognized by many people, who mention that a password should therefore not contain dictionary words. Yet those words are the basis of Diceware passphrases, and these can be very strong indeed.
In conclusion, strength is not an attribute of the password alone, as it is often presented. The required strength number depends on the phrase, the intended hash method, the recovery method (character-based, dictionary, smart, etc.), the hardware recovery capacity and its dictionary. Therefore SimThrow provides strength numbers and estimates for a number of cases.
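The comparison above can be reproduced with a short calculation. This is an added example, not SimThrow's code. It scores the same phrase under character-based brute force and under a dictionary attack. The small word set, the 95-character printable ASCII alphabet split and the guess rate of 1e11 per second are assumptions made for illustration; only the Diceware list size of 7776 words is fixed.

```python
import math

DICEWARE_SIZE = 7776  # a Diceware list has 6**5 entries
# Constructed stand-in for the attacker's dictionary (not a real Diceware list).
SAMPLE_WORDS = {"count", "possible", "passwords", "pass", "words", "word", "able"}

def char_bits(phrase):
    """Entropy in bits when recovery is character-based brute force."""
    if not phrase:
        return 0.0
    alphabet = 0
    if any(c.islower() for c in phrase): alphabet += 26
    if any(c.isupper() for c in phrase): alphabet += 26
    if any(c.isdigit() for c in phrase): alphabet += 10
    if any(not c.isalnum() for c in phrase): alphabet += 33  # ASCII symbols and space
    return len(phrase) * math.log2(alphabet)

def min_words(phrase, words):
    """Fewest dictionary words that concatenate to phrase, or None if impossible."""
    best = [0] + [None] * len(phrase)  # best[i] = fewest words covering phrase[:i]
    for end in range(1, len(phrase) + 1):
        for start in range(end):
            if best[start] is not None and phrase[start:end] in words:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[len(phrase)]

def dict_bits(phrase, words, dict_size=DICEWARE_SIZE):
    """Entropy in bits when recovery tries word combinations of the same length."""
    n = min_words(phrase, words)
    return None if n is None else n * math.log2(dict_size)

def to_dits(bits):
    return bits * math.log10(2)

def avg_seconds(bits, guesses_per_sec):
    """Average recovery time: half the search space at the given rate."""
    return 2 ** bits / 2 / guesses_per_sec

def report(phrase, words=SAMPLE_WORDS, rate=1e11):  # rate is an assumed figure
    out = {"character": char_bits(phrase)}
    d = dict_bits(phrase, words)
    if d is not None:
        out["dictionary"] = d
    return {m: (b, to_dits(b), avg_seconds(b, rate)) for m, b in out.items()}

if __name__ == "__main__":
    for method, (bits, dits, secs) in report("countpossiblepasswords").items():
        print(f"{method:10s} {bits:6.1f} bits {dits:5.1f} dits  ~{secs:.3g} s average")
```

A phrase that cannot be split into dictionary words gets no dictionary row, so only its character-based figure is reported.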