Tuesday, November 22, 2011

Yes! A new entry! It's only taken me a year!

If I had time to start using the rest of the scribble hierarchy, this would be much much easier. Or some kind of actual blogging *tool*. No, that would be going too far.

Anyhow, I'm writing this to rebut the classical "passphrases-are-better" argument.

Passwords or Passphrases?

People have to choose passwords. We want people to choose good passwords. Shannon provides a nice easy framework for looking at this. Specifically, we want to find a straightforward way to get people to use secure passwords.

Also, I'm sidestepping the "are you allowed to write it down" argument here, and trying to figure out the best way to choose passwords that you can actually remember in your head.

Next, I'm only going to consider methods that choose passwords for you randomly; allowing people to choose their own passwords makes it highly unlikely that you'll be able to accurately estimate the information content of the password, and highly likely that the password is guessable.

With this in mind, then, the question that I want to consider is whether it's better to generate passwords that contain complete words--longer, but with better hooks into your brain--or passwords containing randomly chosen characters.

Also, I'm just going to assume that an attacker knows what technique you're using to generate your passwords; this seems like a conservative but reasonable assumption.

So: I have a string of 77 characters that most password systems will permit--for the record, it's


... which means that a ten-character password gives me about 62.668 bits of information. I've demonstrated to my own satisfaction that if I generate eight of these, and pick the one I like the best, I can remember it. This costs me three bits, so I'm down to 59.668 bits.

To see what this looks like, here's a randomly generated set of passwords:


If today were the day I were changing my password, I would have to pick one of these. I kind of like the -gfU&LIFI# one; it's mostly upper-case. Keep in mind that I've already "paid the price" of this choice by dropping three bits from my entropy, so I can choose from this list with impunity.

Now, Let's see how long my passphrase has to be to get the same result.

Grazing the internets, I found the ridyhew list of 459K words. That's a very long list, and it means that each word has 18.808 bits. Let's add a choice of four separators (actually, let's put one at the end as well to make the math easy), to get this up to 20.808 bits. We're still just a tiny bit shy, so let's choose from a list of 4 words rather than eight:

words required: 3.0
for a total of 62.424658469982454 bits of information

Yikes. Let's try with a smaller word list. Here's one with 32K words:

words required: 4.0
for a total of 67.89066292977341 bits of information
"pinto bean+-rashly=-squabble,bitterly=-"
"thumb;disqualification-rib cage+,rumble."

Hmm... I don't know about you--I really don't, actually--but for me, the ones in the 10-char list are easier to remember. They're also *definitely* faster to type.

So, that's my analysis. For now, anyway. If I could get a list of English sentences....

Friday, September 3, 2010

So, if I can get this to build, it'll go back up. Really, how much of this stuff can I plausibly maintain?

Also, quite frankly, I have to say that I've been using markdown for a bit, now, and it has a lot going for it. Ah well.

Wednesday, January 20, 2010

The very-nearly-longest-running blog on the internet is back. Back, I tell you. Also, I'm now using the very spiffy at-exp formatting to enter this. Not like all of those crufty entries below. Phew. Just look at them!

So, I see that I, um, missed 2009 completely. Well, you know, not that much happened. First black president, new era of hope... you know, small stuff.

Should I get back to writing that paper?

Monday, November 17, 2008

I just took a look at the DNS record for brinckerhoff.org, and realized that I just missed the 10th birthday of brinckerhoff.org. Happy birthday, brinckerhoff.org.

Tuesday, October 18, 2008

Secrets you can't find on the internet, part 9: The intro to the Dixie Chicks' "Tortured, Tangled Hearts" is *so totally* lifted from Frank Zappa's "Willie the Pimp."

In other news, you still can't read my blog on google reader. Which is okay, because it doesn't really get updated that often.

Oh, and since you're not reading this anyway: I really like the new Donnas album. It makes me smile the same stupid grin when listening to old Metallica. It's so *cheesy*! I love it. If you listen to it and don't get the joke, well, don't worry. It's probably not really that funny in the grand scheme of things.

Thursday, September 4, 2008

Gah! Did I say 2, 4, and 6? Apparently time flies faster than I thought it did, because the kids are 2, 6, and 8.

Thursday, August 28, 2008

Almost ready for the new school year. The kids' ages are now 2, 4, and 6. How time flies.

A note for erstwhile readers; apparently none of my entries in the last year actually made it onto the web page. Ah well. I'm still one of the oldest dang blogs on the net.

Blatting foo eternally....

Saturday, June 28, 2008

Well, the 2008 U.S. Puzzle Championship is over, and I'm quite pleased to announce that I came in at #105 among U.S. contestants. Just wait until next year....

Friday, March 21, 2008

Things you can't google for (yet):

  1. Oh, my favorite! Carob-flavored gluten balls.
  2. I'd rather have an honor due to me than a deuteronomy.

Opinion articles I haven't yet written:

  1. Undercover "or": how Java language features conspire to conceal one of the most important programming concepts
  2. Openly Hostile: how the set of values in C actively discourages abstraction of data and separation of program pieces
  3. Test-driven Design favors Functional Programming

Xavier is now eighteen months, Nathan is now two, Alex is still seven. Wow!

Bike department: I bought a Felt RXC elite hardtail. I'm pretty happy with it. My Gunnar is still lovely, and still going strong. Actually, it needs a new bottom bracket and the shifters are probably due for replacement; they'll be ten years old this year (!). Substantially older than the frame, BTW. Those 105 parts really last.

Friday, September 7, 2007

Hey! We have a new baby. Um, well, actually he's a year old now. Ah well, how time flies. Actually, I just patched up the personal web page framework, so in fact the entry below this one was invisible until now.

I'm also astonished, looking down below, to see just how long I've now had this Gunnar; it's three years old now, and doing great. I'm in the market for an XC hardtail to go with it, though, because here in SLO the prettiest rides are off-road. I must say, though, that the Gunnar has gone far beyond the call of duty in this department, hauling me to the top of San Luis mountain frequently. You get lots of appreciative glances, too, riding a cyclocross bike to the top of San Luis mountain.

Also of possible historical interest: this "blog", as you call it, will be ten years old on December 13th. The chance that I will remember it on its birthday is NIL, poor thing, so I'll just celebrate it now. HBTYHBTYHBDBDBTY. Hmm... I suppose I could just have lied and post-dated this entry to be on December 13th... oh well.

Thursday, July 27, 2006

First things first, and maybe third things first too: We're expecting another baby! He's due on August 1st, but may be late as Alex was. I'd promise to keep this page updated, but that would obviously be a lie. The next time you hear from me he'll probably be in college.

I'm still working at Cal Poly, and apparently it's viciously hot there, which doesn't bother me personally because I'm in Maine. Still stressed out, but in a cooler part of the world.

Friday, October 14, 2005

Please welcome... the bifurcated web page! This page is no longer the one referred to by my place of work. That page is at http://www.csc.calpoly.edu/~clements/.

Of course, if you google for me you'll still get to this page, so I might as well say a big hello to my students, as well. Oh well.

Naturally, the two web sites are built by a shared framework, so there isn't actually <i>twice</i> the code. Actually, there's less sharing than there should be. Uh, I'll do that in my free time. When I get some.

Also, I finally set up dynamic dns for my home machine using dyndns.org, and I'm running a web server there using the all-singing, all-dancing PLT web server. Currently it's running a grade server, and that's it. The servlet is less than a page of code, though, which is pretty dandy. I'm sure it'll be down again by the time you try this link.

Other news: Although I'm deeply angry about the fact that access now requires a Yahoo login, I'm sticking with my decision to put my pictures on flickr.com. The advantage of this setup is that I can designate some people as being "friends & family" and thereby restricting access to the more personal pictures. The obvious downside of this is that I have to ask my friends and family to sign up for flickr.com, which now ... !@$ GRR !@$ ... requires signing up for a Yahoo! account. I'm still angry about this, but I'm sticking with it for the moment.

So the pictures page has an auto-generated flash flickr banner. I should center it or something... it looks terribly out of place.

Thursday, May 26, 2005

A shockingly short time has elapsed since I last wrote, and this out-of-character outburst heralds good news: I passed my PhD Defense! Hurrah!

I'm grateful to all that have helped me along the way, including fellow students past and present, friends and family, and most especially Anika and Matthias. Thanks!

Thursday, May 19, 2005

An appropriately long period of time has elapsed since my last missive.

Things are changing once again: I've gotten an "appointment" (sounds so much better than "job", don't you think?) at Cal Poly in San Luis Obispo. Tenure track and all that, la la. I liked what I saw, and I'm looking forward to getting started. Very nice.

What is <i>not</i> very nice is housing prices in SLO (as it's called), which are frankly shocking.

Monday, August 9, 2004

Gah!! I... Well, I feel awful. That brand new Gunnar frame? Well, Anika and I managed to SLAM it into a limb of one of the most beautiful oak trees in the state of Maine. Alas, its beauty is matched by its solidity, and there's only about a foot of clearance between the top of the car and the bottom of the limb. The bike was on top of the car, and we were in a hurry. Needless to say, the limb won.

So, I'm hoping that the fork is all that will have to be replaced. The frame may be a bit ... er, rumpled. However, the big payoff of steel is that the resulting frame may still be rideable. I had hoped not to have to capitalize on that particular property of steel.

Compounding my shame, I decided that one bike just isn't enough for my ways; it's always in the shop. So I went out and spend $570 on the cheapest LeMond you can get. You have to admit, that's a pretty cheap road bike. To be honest, I had to drop another $60 for clipless pedals.

We'll see how the Sora components hold up. My only comment thus far is that the thumb-levers on the brifters are pretty dreadful, especially because I have the feeling they were deliberately designed to make the higher-end components more attractive. I shouldn't complain, though. The Sora component set is far cheaper than Shimano's earlier offerings.

Monday, June 14, 2004

Well, I offer a full "Pblbthh"-retraction to Gunnar bikes. They replaced the frame, free of charge. We (We = folks at Harris Cyclery) coated the inside with Wiegle Framesaver, so it should last longer this time, accident-gods willing.

Wednesday, April 28, 2004

We've just about finished moving into a new building. The one crowning improvement of this location over our prior one is that I have a window <i>that opens</i>. The view isn't bad, either.

The other item of news is that I cracked ANOTHER frame. For crying out loud! This frame was supposed to be the &quot;Steel is Real&quot; lasts-forever bike frame. It lasted for sixteen months. Pblbthhh to Gunnar Bikes. Their website isn't even up right now. I know they're hiding from me, but I WANT ANOTHER FRAME!

Tuesday, February 17, 2004

Well, our Little Languages article is out in the March issue of Dr. Dobb's Journal. Go check it out!

Friday, December 19, 2003

Well, Christmas is right around the corner, but I can't seem to stop fiddling with the web page. Things are mostly back together again, and mostly finished. Which is as it should be. Perhaps I'll go to the Official PLT Colors.

Wednesday, December 17, 2003

Why on earth should I care about XHTML compliance? Probably because I have better things to be doing with my time.

Friday, December 5, 2003

Well sure, I'll participate in the Miserable Failure project. To see what this is all about, Google for "Miserable Failure".

Monday, April 28, 2003

a new copy of the Steal Your Face, just for vicarious nostalgia's sake

Tuesday, April 1, 2003

here, listen to this stuttering sampled music

Monday, January 27, 2003

Finally finally finally got some pictures of Nathan (and Alex and ...), from various trips we took last summer.

Thursday, January 23, 2003

Got three new teeth today, that was exciting. Well, all the painful part was weeks ago. The dentist just tossed them in and glued 'em on. Well, that's how it seemed, anyway.

Anyway, it's REALLY COLD in Boston today. But I rode in on my shiny new bicycle anyway, mostly just because I couldn't stand the smug posturing by everyone else on the massbike mailing list. So now <i>I</i> can posture smugly too!

I really really really need to get some pictures of Nathan up. He's big, now!

Oh, look, here's a gallery I never linked in.

Gee Whiz, here are pictures from Sarah and Jack's wedding. Goodness.

Tuesday, September 10, 2002

Oh dear lord. Well, I guess we got a little behind there, didn't we. Well, it's only been two years or so. Less, actually.

So, among other things, er, we've

  1. moved to Boston, and
  2. created another baby boy.

Gee, it doesn't seem so overwhelming, when I put it that way. I really don't have time to get into it right now, but here's a little mpeg of Alexander (now two years old) bouncing on the trampoline this last summer. Thanks, David!

Monday, December 15, 2000

I get to see the little guy all the time, but y'all don't; in fact, many of you have never seen my son. So, for the easily entertained, here's a ~450K movie of him that I dashed off this morning. It features me talking in a squeaky voice, and Alexander's head, looking at the camera occasionally. It's in quicktime 4 format, and should be viewable by Windows machines (using the Media Player?) and on the mac, assuming you have quicktime 4 installed. Shouldn't take more than a minute or two to download, even with a relatively slow connection.

Friday, August 11, 2000

Well, okay, let's begin at the beginning. The beginning, that is, of a new life. And that would be Alexander Darwin Edmond Clements, my first son. You know, I think that's the first time I've referred to him that way. Goodness. That's pretty humbling. Here's a picture of him, age one day. His eyes are closed, and he's waving his hands around. He's doing his impression of a fussy baby, which thankfully he is not, at least not yet.

There's also a honkin' big video of him, some 5.5 megabytes, which gets you an awe-inspiring thirty seconds of 200x120 footage. Some might say it's not worth it. In fact, it's big enough that I don't have the patience to stuff it into the modem, so it won't be available for a few days.

Anyhow, um, Anika and I are fine; actually, I'm doing great! Somehow, Anika wound up doing most of the work in the delivery room. I'm told that is generally how it works. I guess I'm just lazy.

What else is there to know? He was born on August1, 2000. He was 10 lbs, 3 oz. (Okay, okay, 2.8 oz.) He was 22.5" long. He's now nine days old, and sleeping like a baby. For the moment.

What else? Oh, yes, the house. We're buying a house. Busy? Us?

Wednesday, June 14, 2000

Why is profanity so enduringly funny? Here's an excerpt from the aforementioned show on WPRB, wherein Lily suffers from a minor slip of the tongue. But it's very very funny. And forty seconds long. Cheers!

Tuesday, June 6, 2000

Well, along with everything else I've been doing, I mp3'd the second of four taped sides of the aforementioned final "White &amp; not-so-white Trash Can" show. So, if you want a copy of that, drop me a line. It's about 50M, just in case you're wondering.

And, by the way, if you were there, thanks for coming to my wedding! It was indescribably fantastic, as I suppose you know, and I want to thank each and every one of you for coming. In fact, I suppose I will end up writing to each and every one of you. Well, that's not strictly true. Anika is doing half.

Thursday, June 1, 2000

Hm. Let's see. What's happened recently? Oh yes, I got married. Oh, and there's a baby on the way. Oh yes, the honeymoon. TOO MUCH.

It's been quite a while since I posted, I suppose. Lots of pictures on the way, as soon as I have an afternoon to scan them all in. Ugh. Also, PLT's DrScheme 102 is about to be released, and I have lots of stuff to do for that. Goodness. And then pretty soon we'll have the baby and I won't have time for ANYTHING ELSE. Including work, sleep, and eating. That's what I hear, anyway.

Oh, also I'm hoping to record and compress the last WPRB show that Lily, Frank, and I did, back in 1996. I liked it a lot, but it will run to 120M, so maybe I won't make that public. Let me know if you want to download it.

Time to do a logo for TeachScheme! 2000.

Thursday, March 20th, 2000

Well, so it turns out that Maya Grosul had a video camera at beer-bike, and filmed a good deal of it. I've extracted the portion of it which records my ride, though I'm guessing that a fairly small percentage of those who visit this page will have the patience to download a 15 MB file. Don't try this on your 33K modem.

Monday, April 3rd, 2000

Well, uh, welcome to the new millenium. Bit late, I suppose.

Right, so here we are April, and nothing since the end of November. Well, that's not quite true. Lots to report. Let's take it from the top.

First, I finally wrote a nice little XML translator using Paul Graunke's xml collection for PLT's DrScheme, the world's most complete and useful cross-platform Scheme development environment (if I do say so myself, and believe me, I do). Okay, so anyway, I used this translator to transform the xml that I wrapped around a bunch of pictures of hawaii and other exotic places some time ago. In other words, the translator took them from my unpleasantly non-standard (but convenient) xml format into the friendly and widely known html format that makes sense to your browser. Whoo! After spending months practicing writing clearly and concisely, it's nice to write sloppily and incomprehensibly. Which is to say, I realize that the preceding paragraph is poorly written (not to mention too long), but I just don't care enough to rewrite it. At least now I'm aware of my bad writing.

DANG! I can't let myself get away with that. Okay, let me try again.

First, I finally put a whole bunch of pictures on the web taken during our vacation to Hawaii. Included are several older pictures. The design of these pages has been in place for several months now, but it's only recently that I've gotten the time to write an XML translator to transform my private musings into html. Thanks especially to Paul Graunke's xml collection, and more generally to PLT's magnificent DrScheme, the world's most complete and useful cross-platform Scheme environment.


Second, Beer-Bike is now over. [Ed. Note.: yes, I agree, that's one of the most poorly-presented web sites I've ever visited.] The GSA men did better than we have since I've been captain, which is to say since I arrived. We came in fourth(!), and I have to say our glee is dampened quite significantly by the incomprehensible decision by the judges to retroactively disqualify four of the five teams that we beat. In other words, we crossed the line fourth out of nine, but the next day that became fourth out of five, a far less impressive result. Well, a big bronx cheer to the judges. I'll post pictures when ... well, when I get a little more time and a few more pictures, though I admit that Mike Unger was certainly unstinting both in his use of and in his generosity with his digital camera during the aforementioned event.

THIRDLY, it's way past time for me to get some kind of rudimentary wedding website up. So, despite the fact that it's not finished or even really begun properly, I'm going to put it up and hope that I get more up soon. Ick.

So anyway, that's certainly the longest entry for a heck of a while, and that's good, because it may be a while before I update this poor web page again.


Monday, November 29th, 1999

Well, for those of you who haven't heard, I'm delighted to announce that I'm ENGAGED(!) to be married to the startlingly magnificent Anika (nee) Mutch. Lovely though occasionally undignified pictures of the two of us can be seen on our trip to Yosemite and a later trip to Des Moines. Both feature not-so-great quality pictures from my otherwise much-mourned digital camera, which has recently stopped working. A short, I think.

But that's all completely beside the point; Anika and I are planning to get married soon, and we're both wicked excited. Details to follow.

Monday, October 18th, 1999

Will wonders never cease?

Yes, they will. Soon, the skies will blaze with light, and the earth will burn with the heat of the atomic apocalypse. Very soon! In fact, there are only ... hmm, let me see ... only 6 BILLION YEARS REMAINING until the sun billows forth to engulf the earth. Better start planning now.

The real reason I'm writing is to convince all of you to DOWNLOAD MY MP3 and listen to it. It's a recording of the old standard "Brain in a Jar," originally composed by Haunted Garage. This performance features the following personnel:

  • Matthew Lachniet - Guitar
  • ??? (Dang, I forget his name) ??? - Guitar
  • Chris Carr - Bass Guitar
  • Damian Erskine - Drums
  • John Clements - Vocals (ish)

It was performed in 1990, at Interlochen. Silly thing, really. Oh well.

Thank Heavens For DrRacket.