Passwords
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.
You are currently reading a thread in /g/ - Technology
You are currently reading a thread in /g/ - Technology
Hey /g/
How strong (or rather how much of a good idea) would be to use such a password? I mean the hash output of a word. I would not use this particular word ofcourse, it would actually be a word written with Cyrillic which would also contain different case characters, but a rather simple word.
>>51311014
bad idea
just generate something random
why not just use some random phrase as your password and then write in Cyrillic or whatever?
>>51311059
Hmm, really? Why? Even I wouldn't know the actual password, but only I would be able to generate it.
PaSSwoRd - only I would know the characters case and the actual hashing algorithm used to generate it.
>>51311074
Easier to remember one word.
>>51311100
>Easier to remember one word.
upgrade your brain
http://world.std.com/~reinhold/diceware.html
>>51311120
I alaready use different password for different services, I was just thinking of making things easier for me while still offerning the same security.
Whatever that site is/does, does not work.
>diceware
>dice
If it's some random character string generator, it's the last thing that I would use to generate my password, lol.
>>51311014
Depends. What are you trying to protect against?
>>51311014
It's generally a bad idea to have a password that would be simple to guess if people only knew the algorithm. The more people use the same algorithm, the riskier it all gets. Just use a password manager with a nonsense passphrase as master pass.
How do people still not know that longish passphrases ("and then i said fuck you let me in") are way more secure than a short sequence of complicated characters ("aS%dF=?") which is impossible to memorize anyways...
>>51311471
Because they aren't
>>51311479
Longer passwords are always better, even if you use plain dictionary words - maybe better if the language isn't english.
>>51311170
desu diceware is amazing
You can use my code#!/usr/bin/python3
from os import urandom
from sys import argv, exit
def getlist():
with open('diceware','r') as f:
return list(line[:-1] for line in f.readlines())
def die(side=6):
return int.from_bytes(urandom(32),byteorder='big') % side
if __name__ == '__main__':
if len(argv) > 1:
try:
count = int(argv[1])
except ValueError:
print("Error: Argument is not a number")
exit()
else:
count = int(input("Please input the number of words: "))
list = getlist()
for i in range(count):
print(list[die(7776)])
OutputPlease input the number of words: 8
messy
strike
bream
rummy
noisy
defy
11
2nd
Total characters: 42
Total combinations for 8 words: 13367494538843734067838845976576
Total security: 103.3 bits
Total blind security: 250 bits
You could even make it more secure by putting _,+,=,-,*,,, and . instead of spaces,
>>51311479
Computers still can't reliably generate English sentences that aren't gibberish, and they take ages to even get that far. That leaves us with brute force.
And 4 random dictionary words is already better than a 6 character password.
>>51311526
Ok, my next password will be "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
Longer is better, right?
>>51311471
Like so many before you you fail to interpret the correct horse battery staple xkcd.
Dictionary attacks are a thing. The following assertions are all false:
- A meaningful sentence is stronger than random characters
- A meaningful sentence is stronger than a word
- A random sentence is stronger than random characters
The xkcd only makes sense because most peopl pick an actual word as a password, an then add numbers, punctuation, leetspeek characters. That is a known algorithm, so a dictionary attack still works. So if you assume a dictionary attack will be successful anyway, then yes, it is of advantage to increase the entropy. Not with an actual sentence because again, little entropy, but with randomly chosen dictionary words. It's not perfect, an actual random string will still be stronger. But it sure as hell is safer than 99% of the passwords out there.
A hash of a word on its own is theoretically no better than just using the word itself.
The entire idea falls apart if: an attacker either knows you've hashed your password, hashing passwords becomes popular enough that it's tried more commonly, or you're being targeted and they have good knowledge of password obscuring techniques.
>>51311565
>6 character password
Do people still unironically use those? 8 is minimum pretty much everywhere.
>>51311014
Just use keepass to generate xboxhuge passwords.
>>51311628
The issue is not just people, too many services, webstores, you name it, has limit how many characters can password have.
>>51311628
6 char is still relatively common even if not as popular as before.
The real travesty is >>51311705. Outlook.com doesn't even allow spaces for some reason.
>>51311580
fuggn ebin X-DD
KeepassX
>>51311580
desu m8 that will work senpai
>>51311580
Well it's better than 'abc'.
>>51311014
If you're trying to do what I think you're trying to do, use a slower hash.
