@TheGibson What I'd really like to see is, say, lifetime or century-crack length over time.

That is, for a given year, what is the shortest password that can withstand likely crack attempts for 100 years.

Or perhaps ranked against budget: cracking for $0.01/key, $0.10, $1, $10, $100, $1,000, $1,000,0000, $billion, etc.

The cracking-rate progress and budget aspects of this are seriously underappreciated. Hell, I don't know these.

#passwords #security #cracking

@dredmorbius @thegibson I think Bitcoin has proven the economy for this is a hell of a lot cheaper than people think. (Which is why I think the estimates in the chart above are woefully naive, as they assume a single attacker and a one-pw-at-a-time attack.)

The amount of distributed compute power people are throwing around at cryptocoins for no budget but for imaginary profit is extraordinary. No human password survives ~100 days, much less 100 years, against cryptocurrency "mining".

@dredmorbius @thegibson Passwords that humans type in, much less are expected to "know", are dead as of like three years *ago*; it's just going to take years for people to understand the implications of that.

@abbienormal

I would have suggested that fifteen years ago, but now I’m not so certain about that either. I don’t think they are very humane in just pairs. Keybase got close to something but I don’t think they cracked the mainstream UX.

I’m slowly, fwliw, growing the opinion we need something *slow*. Involving things like post offices and notaries public, handshakes and stamps. Human time scales. Don’t know the “hows” exactly though.

@dredmorbius @thegibson

@abbienormal @dredmorbius @thegibson What little I know/picture of the “hows” is that it may have to get *weird* to be generally useful. Like pulling out weird ideas from fantasy novels weird as the only UX that “makes sense” to the average person.

“Sorry, I can’t log in to Gmail until I visit my local Apple Enchanter to re-enchant the magic runes back into my iPhone. Yeah it’s dumb I have to find a day to take these rune stones and my driver’s license over, but I like my phone soulbound.”

Smeap.com