So if Alice and Bob are lucky in how they choose their axes, they should be able to force the particles either to disagree or to violate the 1-0-1 rule - contrary to experimental evidence.
However, we find that relatively weak passwords, about 20 bits or so, are sufficient to make brute-force attacks on a single account unrealistic so long as a “three strikes” type rule is in place.
然而,我们发现,长度约为20个字符左右、相对较“弱”的密码也已经能够使得针对单一账户的暴力破解变得不现实:只要有“三振出局”的规范即可。 (译者注:原文的“three strikes” type rule 指的应该是连续三次输入错误密码就会暂时锁死账户,具体可参考此处。)