Score:0

Crypto

Password space: number of possible password combination

Gloria Jiya

11/17/23, 10:07 PM

How do I calculate the password space of a randomized linked hybrid pasword of 9 images and 10 numbers(0-9)? User allowed to select 4 password

Images=9 Pin= 0-9 Password selection allowed: 4 Every image is linked to a number

Images are randomized at each selection

1 + 5

passwords

Gloria Jiya

11/18/23, 7:20 AM

I am trying to calculate the password space for a graphical password of 9images each image is linked to a number from 0-9.. and users are allowed to select just 4 images

JAAAY

11/18/23, 9:45 AM

The answer is 9-choose-4 I think.

forest

11/18/23, 10:39 PM

@GloriaJiya So you want to know the keyspace when you have 10 images (images numbered 0 through 9 would total 10 images, not 9) to choose from, and four are picked at random. Is that correct?

Gloria Jiya

11/19/23, 12:02 AM

@forest yes that is correct.

Score:1

Crypto

forest

11/19/23, 12:11 AM

The fact that a password is composed of images is irrelevant. If you have 10 possible values for each symbol and choose 4 symbols at random, the keyspace is 10⁴ = 10000, and log₂(10000) ≈ 13.3 bits.

This is very insecure!

In general, you can calculate the keyspace by raising the number of possible symbols to the number of randomly-selected symbols. This tells you how many possible combinations there are. You convert this number into the number of bits of security by taking the base-2 logarithm of the result.

For example, if you are choosing a password composed of 12 words chosen at random from a set of 4000, the number of bits of security is log₂(4000¹²) ≈ 145 bits, which is secure.

+ 5

Gloria Jiya

11/20/23, 5:31 AM

Ok, for hybrid password password that has a password space for 1st step authentication of 10,000 and 2nd step authentication of 6,000. Do we add 10,000 to 6,000 or multiply 10,000 by 6,000.

forest

11/20/23, 10:29 PM

@GloriaJiya Will the attacker know if they got the first password correct before they try the second?

Gloria Jiya

11/21/23, 10:26 AM

aforest yes the attacker will know.

forest

11/23/23, 10:08 PM

@GloriaJiya In that case, treat it like two separate passwords. First one is broken and _then_ the other, so you aren't adding very much security by using two.

Gloria Jiya

12/15/23, 8:43 AM

Okay thank you for the response.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Password space: number of possible password combination

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.