• @geissi@feddit.de
    11 year ago

    forgetting-spaghetti-toad-box

    I don’t know much about PW security but would a passphrase of common words not be more susceptible to dictionary attacks?

    • @CanadaPlus
      8
      1 year ago

      The idea is that entropy is measured with possible words instead of possible characters. It turns out 7 7-bit ASCII characters have less entropy than 4 14-bit equivalent words (that is, the 16,384 most common ones). And that’s in the ideal case where it’s a totally random 7 characters.

      Every attack is technically a dictionary attack here, but it doesn’t help enough because the password to a computer is still 30 characters long. To a human it seems a lot easier than ")f1:.{yJCzNv]@R=S  K$~= ", though.

      PS. Turning /dev/random output into 7-bit ASCII characters is surprisingly involved in Haskell. C would have been easier. This was the world’s slowest ninja edit.

        • @CanadaPlus
          11 year ago

          They teach the math I used in high school (albeit in a different context), it’s not wrong. Schneier seems to be assuming you’ll use words of personal significance. Don’t do that, there are programs that will generate the sequence for you, and then you can make up a story based on it. Randall Munroe probably has no particular connection to horses and staples.
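
Added example, not part of any comment in this thread: a small generator of the kind the last comment mentions, together with the entropy arithmetic from the reply above (7 random 7-bit characters versus 4 words from a 16,384-word list). The function names and the 16-word `DEMO_WORDS` list are constructed for illustration; a real list would be far larger.

```python
import math
import secrets

# Constructed demo list (16 unique words once normalised); not a real wordlist.
DEMO_WORDS = ["forgetting", "spaghetti", "toad", "box", "lantern", "river",
              "copper", "window", "marble", "canyon", "violet", "anchor",
              "pepper", "saddle", "thunder", "quilt", "Toad ", "BOX"]

def entropy_bits(pool_size: int, length: int) -> float:
    """Bits of entropy in `length` symbols drawn uniformly and independently."""
    if pool_size < 2 or length < 1:
        raise ValueError("need a pool of at least 2 symbols and length >= 1")
    return length * math.log2(pool_size)

def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Fewest random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(wordlist, n_words=4, sep="-"):
    """Return (passphrase, entropy_bits) using the OS CSPRNG.

    The list is normalised and de-duplicated first: repeated entries would
    skew the draw and make a naive len(wordlist) overstate the entropy.
    """
    pool = sorted({w.strip().lower() for w in wordlist if w.strip()})
    if len(pool) < 2:
        raise ValueError("wordlist too small after de-duplication")
    # secrets.choice draws uniformly; the words are chosen by the machine,
    # never by the user, which is what makes the entropy estimate valid.
    words = [secrets.choice(pool) for _ in range(n_words)]
    return sep.join(words), entropy_bits(len(pool), n_words)

if __name__ == "__main__":
    print("7 random 7-bit characters:", entropy_bits(2 ** 7, 7), "bits")
    print("4 words from 16,384:      ", entropy_bits(2 ** 14, 4), "bits")
    print("words to match 49 bits:   ", words_needed(49, 2 ** 14))
    phrase, bits = generate_passphrase(DEMO_WORDS)
    print(f"demo passphrase: {phrase} ({bits:.0f} bits from a 16-word list)")
```

The demo passphrase carries only 16 bits because the constructed list is tiny; the attacker is assumed to know the list, so strength comes entirely from list size and word count.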