Crypt-HSXKPasswd
view release on metacpan or search on metacpan
add a `T'.
If you made a one-letter password in this way there would only be two
possibilities, `H', or `T', or two permutations. If you made a
two-letter password in this way there would be four possible
combinations, or permutations, `HH', `HT', `TH', and `TT'. If you made a
three-character password in this way there would be 16 permutations, a
five character one would have 32 permutations, and so forth.
So, for a coin toss, which has two possible values for each character,
the formula for the number of permutations `P' for a given length of
password `L' is:
P = 2^L
Or, two to the power of the length of the password.
If we now swapped our coin for a dice, we would go from two possible
values per letter, to six possible values per letter. For one dice roll
there would be six permutations, for two there would be 36, for three
there would be 108 and so on.
This means that for a dice, the number of permutations can be calculated
with the formula:
P = 6^L
When talking about passwords, the set of possible symbols used for each
character in the password is referred to as the password's *alphabet*.
So, for the coin toss the alphabet was just `H' and `T', and for the
dice it was `1', `2', `3', `4', `5', and `6'. The actual characters used
in the alphabet make no difference to the strength of the password, all
that matters is the size of the alphabet, which we'll call `A'.
As you can probably infer from the two examples above, the formula for
the number of possible permutations `P' for a password of length `L'
created from an alphabet of size `A' is:
P = A^L
In the real world our passwords are generally made up of a mix of
letters, digits, and symbols. If we use mixed case that gives us 52
letters alone, then add in the ten digits from `0' to `9' and we're
already up to 62 possible characters before we even start on the array
of symbols and punctuation characters on our keyboards. It's generally
A two character password with alphabet of 95 has 9025 permutations,
increasing the length to three characters brings that up to 857,375, and
so on. These numbers very quickly become too big to handle. For just an
8 character password we are talking about 6,634,204,312,890,625
permutations, which is a number so big most people couldn't say it (what
do you call something a thousand times bigger than a trillion?).
Because the numbers get so astronomically big so quickly, computer
scientists use bits of entropy to measure password strength rather than
the number of permutations. The formula to turn permutations into bits
of entropy `E' is very simple:
E = Log(2)P
In other words, the entropy is the log to base two of the permutations.
For our eight character example that equates to about 52 bits.
There are two approaches to increasing the number of permutations, and
hence the entropy, you can choose more characters, or, you can make the
alphabet you are choosing from bigger.
scenario, the brute force attack, will be referred to as the blind
entropy, and the entropy in the second scenario the seen entropy.
The blind entropy is solely determined by the configuration settings,
the seen entropy depends on both the settings and the dictionary file
used.
Calculating the bind entropy `Eb' is quite straightforward, we just need
to know the size of the alphabet resulting from the configuration `A',
and the minimum length of passwords generated with the configuration
`L', and plug those values into this formula:
Eb = Log(2)(A^L)
Calculating `A' simply involves determining whether or not the
configuration results in a mix of letter cases (26 or 52 characters),
the inclusion of at least one symbol (if any one is present, assume the
industry standard of a 33 character search space), and the inclusion of
at least one digit (10 character). This will result in a value between
26 and 95.
The example password from the PHILOSOPHY section
(`!15.play.MAJOR.fresh.FLAT.23!') was generated using the preset
`WEB32'. This preset uses four words of between four and five letters
long, with the case of each word randomly set to all lower or all upper
as the basis for the password, it then chooses two pairs of random
digits as extra words to go front and back, before separating each word
with a copy of a randomly chosen symbol, and padding the front and back
of the password with a copy of a different randomly chosen symbol. This
results in passwords that contain a mix of cases, digits, and symbols,
and are between 27 and 31 characters long. If we add these values into
the formula we find that the blind entropy for passwords created with
this preset is:
Eb = Log(2)(95^27) = 163 bits
This is spectacularly secure! And, this is the most likely kind of
attack for a password to face. However, to have confidence in the
password we must also now calculate the entropy when the attacker knows
everything about how the password was generated.
We will calculate the entropy resulting from the same `WEB32' config
lib/Crypt/HSXKPasswd.pm view on Meta::CPAN
heads up, we add a C<H> to our password, if it lands tails up, we add a C<T>.
If you made a one-letter password in this way there would only be two
possibilities, C<H>, or C<T>, or two permutations. If you made a two-letter
password in this way there would be four possible combinations, or
permutations, C<HH>, C<HT>, C<TH>, and C<TT>. If you made a three-character
password in this way there would be 16 permutations, a five character one
would have 32 permutations, and so forth.
So, for a coin toss, which has two possible values for each character, the
formula for the number of permutations C<P> for a given length of password C<L>
is:
P = 2^L
Or, two to the power of the length of the password.
If we now swapped our coin for a dice, we would go from two possible values
per letter, to six possible values per letter. For one dice roll there would
be six permutations, for two there would be 36, for three there would be 108
and so on.
This means that for a dice, the number of permutations can be calculated with
the formula:
P = 6^L
When talking about passwords, the set of possible symbols used for each
character in the password is referred to as the password's I<alphabet>. So,
for the coin toss the alphabet was just C<H> and C<T>, and for the dice it
was C<1>, C<2>, C<3>, C<4>, C<5>, and C<6>. The actual characters used in
the alphabet make no difference to the strength of the password, all that
matters is the size of the alphabet, which we'll call C<A>.
As you can probably infer from the two examples above, the formula for the
number of possible permutations C<P> for a password of length C<L> created from
an alphabet of size C<A> is:
P = A^L
In the real world our passwords are generally made up of a mix of letters,
digits, and symbols. If we use mixed case that gives us 52 letters alone,
then add in the ten digits from C<0> to C<9> and we're already up to 62
possible characters before we even start on the array of symbols and
punctuation characters on our keyboards. It's generally accepted that if you
lib/Crypt/HSXKPasswd.pm view on Meta::CPAN
A two character password with alphabet of 95 has 9025 permutations, increasing
the length to three characters brings that up to 857,375, and so on. These
numbers very quickly become too big to handle. For just an 8 character password
we are talking about 6,634,204,312,890,625 permutations, which is a number
so big most people couldn't say it (what do you call something a thousand times
bigger than a trillion?).
Because the numbers get so astronomically big so quickly, computer scientists
use bits of entropy to measure password strength rather than the number of
permutations. The formula to turn permutations into bits of entropy C<E> is very
simple:
E = Log(2)P
In other words, the entropy is the log to base two of the permutations. For our
eight character example that equates to about 52 bits.
There are two approaches to increasing the number of permutations, and hence
the entropy, you can choose more characters, or, you can make the alphabet you
are choosing from bigger.
lib/Crypt/HSXKPasswd.pm view on Meta::CPAN
For the purpose of this documentation, the entropy in the first scenario, the
brute force attack, will be referred to as the blind entropy, and the entropy
in the second scenario the seen entropy.
The blind entropy is solely determined by the configuration settings, the seen
entropy depends on both the settings and the dictionary file used.
Calculating the bind entropy C<Eb> is quite straightforward, we just need to
know the size of the alphabet resulting from the configuration C<A>, and the
minimum length of passwords generated with the configuration C<L>, and plug
those values into this formula:
Eb = Log(2)(A^L)
Calculating C<A> simply involves determining whether or not the configuration
results in a mix of letter cases (26 or 52 characters), the inclusion of at
least one symbol (if any one is present, assume the industry standard of a 33
character search space), and the inclusion of at least one digit
(10 character). This will result in a value between 26 and 95.
Calculating C<L> is also straightforward. The one minor complication is that
lib/Crypt/HSXKPasswd.pm view on Meta::CPAN
The example password from the L</PHILOSOPHY> section
(C<!15.play.MAJOR.fresh.FLAT.23!>) was generated using the preset C<WEB32>.
This preset uses four words of between four and five letters long, with the
case of each word randomly set to all lower or all upper as the
basis for the password, it then chooses two pairs of random digits as extra
words to go front and back, before separating each word with a copy of a
randomly chosen symbol, and padding the front and back of the password with
a copy of a different randomly chosen symbol. This results in passwords that
contain a mix of cases, digits, and symbols, and are between 27 and 31
characters long. If we add these values into the formula we find that the
blind entropy for passwords created with this preset is:
Eb = Log(2)(95^27) = 163 bits
This is spectacularly secure! And, this is the most likely kind of attack for
a password to face. However, to have confidence in the password we must also
now calculate the entropy when the attacker knows everything about how the
password was generated.
We will calculate the entropy resulting from the same C<WEB32> config being
lib/Crypt/HSXKPasswd/Dictionary/ES.pm view on Meta::CPAN
'formatéalos',
'forme',
'formemos',
'formen',
'formentera',
'formes',
'formidable',
'formidables',
'formo',
'formones',
'formula',
'formulaba',
'formulabais',
'formulaban',
'formulabas',
'formulación',
'formulad',
'formulada',
'formuladas',
'formulado',
'formulados',
'formulamos',
'formulan',
'formulando',
'formular',
'formulara',
'formularais',
'formularan',
'formularas',
'formularemos',
'formulario',
'formularios',
'formularla',
'formularlas',
'formularlo',
'formularlos',
'formularon',
'formularse',
'formulará',
'formularán',
'formularás',
'formularé',
'formularéis',
'formularÃa',
'formularÃais',
'formularÃan',
'formularÃas',
'formulas',
'formulase',
'formulaseis',
'formulasen',
'formulases',
'formulaste',
'formulasteis',
'formule',
'formulemos',
'formulen',
'formules',
'formulismo',
'formulo',
'formulábamos',
'formuláis',
'formulándola',
'formulándolo',
lib/Crypt/HSXKPasswd/Dictionary/ES.pm view on Meta::CPAN
'reformasen',
'reformases',
'reformaste',
'reformasteis',
'reformatorio',
'reforme',
'reformemos',
'reformen',
'reformes',
'reformo',
'reformulada',
'reformuladas',
'reformulado',
'reformulados',
'reformulando',
'reformular',
'reformábamos',
'reformáis',
'reformáramos',
'reformásemos',
'reformé',
'reforméis',
'reformó',
'reforzaba',
'reforzabais',
'reforzaban',
lib/Crypt/HSXKPasswd/Dictionary/FR.pm view on Meta::CPAN
'formols',
'formolâmes',
'formolât',
'formolâtes',
'formolèrent',
'formolé',
'formolée',
'formolées',
'formolés',
'formons',
'formula',
'formulable',
'formulables',
'formulai',
'formulaient',
'formulaire',
'formulaires',
'formulais',
'formulait',
'formulant',
'formulas',
'formulasse',
'formulassent',
'formulasses',
'formulassiez',
'formulation',
'formulations',
'formule',
'formulent',
'formuler',
'formulera',
'formulerai',
'formulerais',
'formulerait',
'formuleras',
'formulerez',
'formuleriez',
lib/Crypt/HSXKPasswd/Dictionary/FR.pm view on Meta::CPAN
'reformerez',
'reformeriez',
'reformerions',
'reformerons',
'reformeront',
'reformes',
'reformez',
'reformiez',
'reformions',
'reformons',
'reformula',
'reformulai',
'reformulais',
'reformulait',
'reformulant',
'reformulas',
'reformulasse',
'reformule',
'reformulent',
'reformuler',
'reformulera',
'reformulerai',
'reformuleras',
'reformulerez',
'reformules',
'reformulez',
'reformuliez',
share/sample_dict_ES.txt view on Meta::CPAN
formatéalos
forme
formemos
formen
formentera
formes
formidable
formidables
formo
formones
formula
formulaba
formulabais
formulaban
formulabas
formulaciones
formulación
formulad
formulada
formuladas
formulado
formulados
formulamos
formulan
formulando
formular
formulara
formularais
formularan
formularas
formularemos
formulario
formularios
formularla
formularlas
formularlo
formularlos
formularon
formularse
formulará
formularán
formularás
formularé
formularéis
formularÃa
formularÃais
formularÃamos
formularÃan
formularÃas
formulas
formulase
formulaseis
formulasen
formulases
formulaste
formulasteis
formule
formulemos
formulen
formules
formulismo
formulo
formulábamos
formuláis
formulándola
formulándolas
share/sample_dict_ES.txt view on Meta::CPAN
reformases
reformaste
reformasteis
reformatorio
reformatorios
reforme
reformemos
reformen
reformes
reformo
reformulaciones
reformulación
reformulada
reformuladas
reformulado
reformulados
reformulando
reformular
reformábamos
reformáis
reformáramos
reformásemos
reformé
reforméis
reformó
reforzaba
reforzabais
reforzaban
share/sample_dict_FR.txt view on Meta::CPAN
formols
formolâmes
formolât
formolâtes
formolèrent
formolé
formolée
formolées
formolés
formons
formula
formulable
formulables
formulai
formulaient
formulaire
formulaires
formulais
formulait
formulant
formulas
formulasse
formulassent
formulasses
formulassiez
formulassions
formulation
formulations
formule
formulent
formuler
formulera
formulerai
formuleraient
formulerais
formulerait
formuleras
formulerez
share/sample_dict_FR.txt view on Meta::CPAN
reformerez
reformeriez
reformerions
reformerons
reformeront
reformes
reformez
reformiez
reformions
reformons
reformula
reformulai
reformulaient
reformulais
reformulait
reformulant
reformulas
reformulasse
reformulassent
reformulasses
reformulassiez
reformulassions
reformule
reformulent
reformuler
reformulera
reformulerai
reformuleraient
reformulerais
reformulerait
reformuleras
reformulerez
( run in 0.275 second using v1.01-cache-2.11-cpan-3cd7ad12f66 )