xkcd.com
2a04:4e42:600::67  Public Scan

Submitted URL: http://xkcd.com/936
Effective URL: https://xkcd.com/936/
Submission: On July 08 via manual from EE — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Password Strength
Permanent link to this comic: https://xkcd.com/936/
Image URL (for hotlinking/embedding):
https://imgs.xkcd.com/comics/password_strength.png
((The comic illustrates the relative strength of passwords assuming basic knowledge of the system used to generate them. A set of boxes is used to indicate how many bits of entropy a section of the password provides. The comic is laid out with 6 panels arranged in a 3x2 grid. On each row, the first panel explains the breakdown of a password, the second panel shows how long it would take for a computer to guess, and the third panel provides an example scene showing someone trying to remember the password.))

[[The password "Tr0ub4dor&3" is shown in the centre of the panel. A line from each annotation indicates the word section the comment applies to.]]

Uncommon (non-gibberish) base word [[Highlighting the base word - 16 bits of entropy.]]

Caps? [[Highlighting the first letter - 1 bit of entropy.]]

Common Substitutions [[Highlighting the letters 'a' (substituted by '4') and both 'o's (the first of which is substituted by '0') - 3 bits of entropy.]]

Punctuation [[Highlighting the symbol appended to the word - 4 bits of entropy.]]

Numeral [[Highlighting the number appended to the word - 3 bits of entropy.]]

Order unknown [[Highlighting the appended characters - 1 bit of entropy.]]

(You can add a few more bits to account for the fact that this is only one of a few common formats.)

~28 bits of entropy

2^28 = 3 days at 1000 guesses/sec

(Plausible attack on a weak remote web service. Yes, cracking a stolen hash is faster, but it's not what the average user should worry about.)

Difficulty to guess: Easy.

[[A person stands scratching their head trying to remember the password.]]

Person: Was it trombone? No, Troubador. And one of the Os was a zero?

Person: And there was some symbol...

Difficulty to remember: Hard.

[[The passphrase "correct horse battery staple" is shown in the centre of the panel.]]

Four random common words {{Each word has 11 bits of entropy.}}

~44 bits of entropy.

2^44 = 550 years at 1000 guesses/sec

Difficulty to guess: Hard.

[[A person is thinking, in their thought bubble a horse is standing to one side talking to an off-screen observer. An arrow points to a staple attached to the side of a battery.]]

Horse: That's a battery staple.

Observer: Correct!

Difficulty to remember: You've already memorized it

((The caption below the comic reads: Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.))

{{Title text: To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize.}}



This work is licensed under a Creative Commons Attribution-NonCommercial 2.5
License.

This means you're free to copy and share these comics (but not to sell them).