Is this secure?

Paul Rubin at nospam.invalid
Wed Feb 24 04:51:53 CET 2010

Lie Ryan <lie.1296 at> writes:
> If an attacker knows the that the random number generator have an
> extreme skew and he knows the distribution of the letters, how much
> advantage would it give the attacker? My initial guess is that the more
> skewed the letters are, the better the advantage, since an attacker
> using brute-force can write his program to prefer the most likely letters?

A useable (conservative) estimate is that the attacker's workload is 1/p
where p is the probability of the most likely password.  That basically
says the password strength can be measured by the min-entropy.
Cryptographers often use that approach.  If you want to be more precise,
you can do a conditional probability calculation assuming the attacker
works down the list of possible passwords in order of decreasing
probability, stopping when they hit the right one.

More generally still, passwords regardless of their entropy content are
a sucky way to encapsulate cryptographic secrets.  We keep using them
because every alternative has drawbacks of its own.

More information about the Python-list mailing list