### How to choose a password optimally

Premise: Any attack on a password — whether online (login attempts) or offline (hash cracking) — will be designed so that the more likely a given password is, out of the space of all possible passwords, the less work is required to recover that password (unless a trivial amount of work is required to discover any possible password).

From (1), there exists a probability distribution of passwords.

Premise: There is a (practical) maximum length for passwords.

From (3), the set of possible passwords is finite.

From (2) and (4), there is a minimum probability in that distribution.

Use one of the passwords which has that minimum probability.

(There are at least two ways this doesn't work.)

kpreidHere's a brute-force way to take that into account, assuming you have a finite list of attacks and all attacks are run simultaneously: Take each attack's list of passwords, each annotated with the effort required to reach it. For each password, take the minimum of the efforts. Choose the password with the greatest minimum effort.

(The 'list of passwords ranked by effort' representation is how I originally thought of the scheme in the post.)

I haven't thought of how to generalize that combination method to handle non-equiprobable attacks.

So the ability to calculate a minimum makes that minimum unsuitable for use?

Seems to me we can use this heuristic:

1. Take all practical passwords.

2. Remove the X% most common passwords for some X.

3. Select a password from the remaining with uniform probability.

Removing the X% here should make you safer in the case of an undirected attack,

since any blind attacker will have to look at the most common passwords first. This

is because they don’t know how smart you are at selecting passwords.

In a directed attack, knowing that you have excluded the X% most common passwords

saves the the trouble of trying those, but the remaining passwords should be so many

as to make brute-forcing a futile endeavour.

I think this problem should be thought about in the context that an attacker knows our

method of choosing passwords and therefore can use it against us. And the above is the

best my limited intuition can tell me. How wrong am I?