diff --git a/NewCaps/WhatCouldGoWrong.md b/NewCaps/WhatCouldGoWrong.md
index 3707a2c..cfc5b9f 100644
--- a/NewCaps/WhatCouldGoWrong.md
+++ b/NewCaps/WhatCouldGoWrong.md
@@ -23,7 +23,7 @@ where *k* = bitlength(*K1*), *r* = bitlength(*R*), *s* = bitlength(*S*), *t* = b
 
 (The notes to the diagram assume *k* == *r*.)
 
-*p* is the success probability of an attack (0 < *p* <= 1). *N* is the number of targets for preimage attacks; this assumes that the attacker has stored the relevant hashes for *N* files and is content with finding a preimage for any of them.
+*p* is the success probability of an attack (0 < *p* <= 1). *N* is the number of targets for preimage attacks; this assumes that the attacker has stored the relevant hashes for *N* files and is content with finding a preimage for any of them. Note that since the attacker must also expend work to obtain each target hash, the cost of brute force cannot be reduced below a "square root" attack. For example, the work to forge an immutable file (attack !#3) by brute force cannot be reduced to less than sqrt(*p*).2^(*r*+*t*)/2^ (roughly the same work as a collision attack), no matter how many targets are available.
 
 
 1. *shape-shifter immutable file*: creator creates more than one file matching the immutable file readcap