Can someone explain how he found out the passphrase of the genesis account?
"It was a bright cold day in April, and the clocks were striking thirteen."
It has 14 words and some punctuation. Ignoring the punctuation and using a simple 2000 words long dictionary (and this is tiny! There are 1013913 words in the English language) we get 2000^14 possible passphrases, or about 10^46 possibilities, if we go by characters from the alphabet, it has 26^72 ~ 10^101 possibilities. A password written in base 58 and 26 characters long is also about 10^46 possibilities. In comparison, a random 8 character long password takes 3 hours to crack on a desktop pc. 9 char -> 3days, 10 char -> 1 year, 11 char -> 48 years. 26 char -> An octillion years.
Now it is a given that the entropy of a random password is much higher than that of a phrase from a novel, but I still can't see how he could crack the passphrase unless the entire thing was already in his dictionary! Let's not forget he was using a python script which is notably slow!
"It was a bright cold day in April, and the clocks were striking thirteen."
It has 14 words and some punctuation. Ignoring the punctuation and using a simple 2000 words long dictionary (and this is tiny! There are 1013913 words in the English language) we get 2000^14 possible passphrases, or about 10^46 possibilities, if we go by characters from the alphabet, it has 26^72 ~ 10^101 possibilities. A password written in base 58 and 26 characters long is also about 10^46 possibilities. In comparison, a random 8 character long password takes 3 hours to crack on a desktop pc. 9 char -> 3days, 10 char -> 1 year, 11 char -> 48 years. 26 char -> An octillion years.
Now it is a given that the entropy of a random password is much higher than that of a phrase from a novel, but I still can't see how he could crack the passphrase unless the entire thing was already in his dictionary! Let's not forget he was using a python script which is notably slow!
You've answered your own question
An earlier poster linked to an Ars Technica article explaining this approach to password cracking in more detail.Lots of people have already replied to this from the security perspective. I'm replying to this from the math perspective. Math is not simply about crunching numbers to get answers, it's really about reasoning and proof. This reasoning usually takes the form of
Quote
If (certain conditions hold), then (certain things must be true).
A lot of the 'math' I've been seeing lately forget to check that the conditions indeed hold. When you make a claim, and want to convince other people of that claim, the burden of proof should be on you to establish that the conditions hold, and that your claims follow from those conditions.
This is time-consuming though, we can't always reason through everything from basic principles. It's very tempting, and for little things more practical to just intuit/jump ahead, I'm often guilty of this. But we should keep in mind that if we jump ahead like this, we can't be certain our claims are correct
In service of math, and consequently the public.