
/sci/ - Science & Math



File: 37 KB, 600x450, Cracker.snack.bread.jpg
No.4828029

Let's say you have to pick a password consisting of 3 numbers. Normally if someone were to guess your password he'd have a 1/1000 chance of getting it right. However, let's say you picked 000 as your password, then someone with a password breaker algorithm would always get it right on the first try. Doesn't this contradict the fact that picking any combination as your password gives the same chance of "protection" against password breakers? Does picking 999 make your password "stronger" than if you'd picked 000? (or maybe 789, something in the middle maybe?)

>> No.4828138

Why are you assuming a password breaker would start at 000?

>> No.4828153

>>4828138
well it either starts at 000 and goes up or 999 and goes down, so the password 000 has at best 50% chance of not being found out in one shot instead of 1/1000 like the freq prob says

>> No.4828159

Provided you use a brute force password breaker that just starts at 000 and counts up, 999 is of course stronger than 000. If anyone bothered with writing a more sophisticated password breaking algorithm for this kind of problem, it would probably try out 000, 111 etc first, since these would be the passwords lazy people use. Still, this does not have any real consequences, since real password storage normally operates with salted hash tables that are not as easily broken.

>> No.4828171 [DELETED] 

If you pick 123 as your combination. I guess 123 and get it right on the first try. There is still a 1/1000 chance to guess it. Whatever guess I choose firstly, secondly, or whenever does not change the probability.

If this helps you in any way, knowing the combination before guessing and guessing that correct combination makes the probability 100% that I will get it right.

>> No.4828172

>>4828153
is that how password breaking works?
cause that's stupid.

>> No.4828179

>>4828172
No. See >>4828159

>> No.4828185

>>4828159
but that's not always true since when you are at an ATM machine you usually put a 4 digit combination, there is no hashing done.

I wonder if most people wouldn't take 0000, or 1234 as combinations since they are too obvious, making it so that there are fewer "real" passwords to choose from. Like if there is a correlation between password use and using "4 different digits", "3 different digits", etc.. and if they are scrambled or not. Like would most people pick something like 7945 or 7754 or 7755? I would guess most people would pick 4 "scrambled" digits.

>> No.4828195
File: 34 KB, 500x453, 1333156021138.jpg

>>4828179
you're a standup guy.
a criminal would have told me, yes.

>> No.4828194

>>4828029

If 000-999 was actually used someone would write a password breaking algorithm that guessed them all at once. Therefore making them all equal and the security team american.

>> No.4828193

>>4828159
>salted hash

Those are great with ketchup

>> No.4828208
File: 77 KB, 1346x653, password probability distribution.jpg

here this is what I'm having in mind as my question

>> No.4828233

>>4828208
That is a damn vague graph. Firstly, why are there two sides to it, and secondly, you may be underestimating people's stupidity.

>> No.4828237

>>4828233
Well I never said it was right, it's just an example. There are two sides because it's a normal distribution, I thought it was obvious sorry.

>> No.4828244

>>4828237
Well I'm mighty confused now. What are the axes?

>> No.4828256
File: 45 KB, 1346x653, standard normal.jpg

>>4828244
let's just say it's a standard normal dis't. So it's kinda like this

>> No.4828262

>>4828208
you drew it right. what's the question?

>> No.4828272

>>4828262
that password strength isn't actually based on frequency of the number but it varies depending on some probability distribution of different password "combinations" (like if 4 random digits was the most popular one (ie: inside the 1-sigma boundary) then you'd try only the password combinations with 4 unique digit random numbers which are also "scrambled" (ie: 7893 is good but 6789 is not)), so your chance at breaking the password increases considerably

>> No.4828284

for example, if most (inside 1 sigma, so that's about 64%) 4-digit passwords are "unique digit scrambled", then you'd program your algorithm to try out only these so in 64/100 cases you'd have much higher than 1/10000 chance of finding the password at each try. I haven't actually calculated the probability but it should be considerably higher (maybe 1/1000?).

>> No.4828285

OP,

there is a 1/1000 chance of getting it right period. This is assuming random selection.

What you are asking are questions about human factors that change odds.
Human factors always change the odds of things; this should not be too surprising.


If you still don't see how it's a human factor then take it from the point of view of the password cracker.
If he makes a brute force algorithm, where should he start? He is aware that if he starts at a point closer to the person's real password then it will take less time, so he has a 1/1000 chance of starting at any number, not just 000.

If for whatever reason your problem restricts the starting point and you say that the password cracker DOES start at 000, then of course this changes the odds because now you have additional information in your system, in fact now we know that 999 is THE most secure password if it is brute forcing in increments of 1 starting at 000.
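
Added example, not part of any post in the thread: the arithmetic behind two scenarios discussed above, namely a counter that starts at 000 versus one that starts at a random point, and the "64% of PINs are unique-digit scrambled" case from No.4828284. The reading of "scrambled" (four distinct digits that are not a consecutive run) and the uniform choice within that set are assumptions made for the calculation.

```python
from fractions import Fraction
from itertools import product

SPACE = 1000  # three-digit passwords 000..999, as in the opening post

def guesses_fixed_start(password: int, start: int = 0) -> int:
    """Guesses an ascending counter needs, wrapping around after 999."""
    return (password - start) % SPACE + 1

def expected_guesses_random_start(password: int) -> Fraction:
    """Average guess count over every equally likely starting point."""
    total = sum(guesses_fixed_start(password, s) for s in range(SPACE))
    return Fraction(total, SPACE)

def is_scrambled(pin: str) -> bool:
    """Assumed reading of 'unique digit scrambled': four distinct digits
    that do not form a consecutive run up (6789) or down (9876)."""
    if len(set(pin)) != len(pin):
        return False
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps not in ({1}, {-1})

def per_guess_chance(share: Fraction) -> Fraction:
    """Chance per guess when `share` of users pick uniformly from the
    scrambled PINs and the guesser tries only PINs from that set."""
    pool = sum(is_scrambled("".join(p)) for p in product("0123456789", repeat=4))
    return share / pool

if __name__ == "__main__":
    for pw in (0, 789, 999):
        print(f"{pw:03d}: fixed start {guesses_fixed_start(pw)}, "
              f"random start {float(expected_guesses_random_start(pw))}")
    chance = per_guess_chance(Fraction(64, 100))
    print(f"scrambled-only guessing: about 1 in {round(1 / chance)}")
```

Under these assumptions the per-guess chance comes out near 1 in 7853 rather than 1 in 10000, and the random-start average is the same for every password.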