nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr see my response to enzymical. If the sentence is mutated in some weird way, you're probably right, but if the sentence has ever been spoken by any human in history it will be trivial to find it with a modern computer.

I don't think the average person is creative enough to NOT pick one of those so it would be a very bad security policy if you're talking about a commercial product.

Just because a sentence is known to exist doesn't mean the attacker can reasonably pick it from the ~10^5000 options. Any information you give an attacker about the nature of a password bounds the space, regardless of the nature of the key.

The point is, unless the attacker *knows* they're looking for English passphrases that are very well defined -- which they don't because nobody has a security policy specifying such a thing -- the fact that a password is a phrase in English does not weaken it at all.

Discussion

nostr:npub15fkerqqyp9mlh7n8xd6d5k9s27etuvaarvnp2vqed83dw9c603pqs5j9gr I feel pretty confident that the NSA has a list of all known valid English sentences (with permutations) and they could probably run it in a few minutes. I don't have proof of this but I suspect a table like that would fit within a terabyte.