said by Ian1:
said by KodiacZiller:
If the words are chosen perfectly randomly from an English dictionary, then the machine would have to guess from the dictionary randomly. This is the whole idea behind the diceware method.
I'm aware of that. But that wasn't the complexity calculation used by the cartoon author.
Maybe not, but the diceware method is still the best way to create strong passwords that are easy to remember.
For example, let's say that you have a word list of 10,000 English words to choose from. Let's further assume your adversary *knows* that you used this list. Here's the entropy for passwords made with different lengths:
4 words = 53 bits
5 words = 66 bits
6 words = 80 bits
7 words = 93 bits
So you'll need at least 6 words to be sure that the password won't be cracked. 80 bits is plenty strong. The nice thing about this is the adversary can know the wordlist and it doesn't matter as long as your password is long enough and chosen *randomly*.
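The figures in the post above can be reproduced with the following added example, which is not part of the original thread: it computes the entropy of a passphrase drawn uniformly from a known list and generates one with the operating system's CSPRNG. The function names are hypothetical, and the 10,000-entry list is a constructed stand-in for a real English word list.

```python
import math
import secrets
from itertools import product

# Constructed stand-in for a real 10,000-word list: every
# consonant-vowel-consonant-vowel string over 20 consonants and
# 5 vowels, which gives 20 * 5 * 20 * 5 = 10,000 distinct entries.
CONSONANTS = "bcdfghjklmnprstvwxyz"
VOWELS = "aeiou"
WORDLIST = ["".join(p) for p in product(CONSONANTS, VOWELS, CONSONANTS, VOWELS)]


def _distinct(wordlist):
    """Return the sorted distinct entries; duplicates add no entropy."""
    unique = sorted(set(wordlist))
    if len(unique) < 2:
        raise ValueError("word list needs at least 2 distinct entries")
    return unique


def entropy_bits(wordlist, n_words):
    """Bits of entropy for n_words independent, uniform picks, assuming
    the adversary knows the list (as the post does)."""
    if n_words < 1:
        raise ValueError("n_words must be at least 1")
    return n_words * math.log2(len(_distinct(wordlist)))


def generate_passphrase(wordlist, n_words, sep=" "):
    """Pick each word independently with the OS CSPRNG via `secrets`.
    The entropy figure only holds if the choice is truly random, so the
    predictable `random` module is not used here."""
    if n_words < 1:
        raise ValueError("n_words must be at least 1")
    unique = _distinct(wordlist)
    return sep.join(secrets.choice(unique) for _ in range(n_words))


def entropy_table(wordlist, lengths=(4, 5, 6, 7)):
    """Whole-bit entropy for each passphrase length, as in the post."""
    return {n: round(entropy_bits(wordlist, n)) for n in lengths}


if __name__ == "__main__":
    for n, bits in entropy_table(WORDLIST).items():
        print(f"{n} words = {bits} bits   e.g. {generate_passphrase(WORDLIST, n)}")
```

Each word from a 10,000-entry list contributes log2(10,000), about 13.29 bits, so the table values are the per-word figure multiplied by the word count and rounded to whole bits.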