I fucking hate this comic, and hate it even more that people

I like to think of it as every person has an 'algorithm' that they generate their passwords from. If you know that algorithm, you can easily crack their password.

Randall just encourages people to use a really shitty and well-known algorithm.

No clue why this picture triggers faggots so much.

ONE fucking example of someone having their shit maliciously fiddled with as a result of his password being cracked despite being harder than "admin" or "qwerty" or "123456".

Everything I care about that's protected by a password already has two step authentication.

File: tmp_3674-Screenshot_20170105-212344-48831725.png (90KB, 1080x1920px) Image search: [Google]

90KB, 1080x1920px

>a vocabulary of just 3000 words provides coverage for around 95% of common texts.
Holy shit, I'm doing better than I thought.

>>58348351
>learning German when all Germans can already speak English

Now, let's say you used a length of 5.
10000 ^ 5 = 100,000,000,000,000,000,000
(100 quintillion possible combinations)

Let's divide that by 10 billion.
We get 10 billion seconds.

Converted to hours, 10 billion seconds is 27700000.
That's a lot of days.

Git gud.

>>58348378
it's almost as bad as learning swedish

>>58348379
E X P O N E N T I A L

G
R
O
W
T
H

E N T R O P Y

>>58348379
>babby's first algebra 1 class
Yes, this is how exponents work.

>>58348193
>Yes cracking a stolen hash is faster, but it's not what the average user should worry about.
DO
>Yes cracking a stolen hash is faster, but it's not what the average user should worry about.
YOU
>Yes cracking a stolen hash is faster, but it's not what the average user should worry about.
UNDERSTAND
>Yes cracking a stolen hash is faster, but it's not what the average user should worry about.
NOW
>Yes cracking a stolen hash is faster, but it's not what the average user should worry about.
OP
>Yes cracking a stolen hash is faster, but it's not what the average user should worry about.
????
>Yes cracking a stolen hash is faster, but it's not what the average user should worry about.

File: 1399934573456.jpg (20KB, 236x250px) Image search: [Google]

20KB, 236x250px

>>58348378
I've heard from various sources that natives will appreciate the effort, even if it's a waste.

In any case, I don't know if it is a waste. Say for example I'm really into Kafka.

>>58348193
Kill yourself, you fucking shit stain.

File: animu a nice.jpg (56KB, 297x347px) Image search: [Google]

56KB, 297x347px

>>58348503
Hi, Randall! Surprised to see you on /g/.

shit thread shit argument

passphrases are fine. no need to explain. think it through yourself, idiot.

So, OP. Let's say we do all that. And then some cheeky faggot adds and ampersand.

>>58348193
>Use a random password generator to make a password at least 30 characters long.
Really you should be using 64-characters.

I use a 8 char password and the first the 2 letter of the specific company/website. Websites that need special ed chars fuck up my whole process.

>>58351081
What's worse is that even if you had a symbol which you used every time, some sites disallow symbols.

my masterpassword is

>2 uncommon english words
>1 uncommon portuguese word
>1 uncommon japanese work written in romaji and written wrong

>>58351196
Or if you regularly have to change it to something new. I don't even know what my outlook password is right now. ...ms, ...mi, ...ou or something else insane.

>>58348193
>10 billion is approximately the amount of hashes a password cracking rig (given 4 Titan X) can compute in one second. As a result, we get 1 million.

> 10 billions
> seconds

you are a fucking retard and don't know how password encrypting works.

Do you just assume people just use md5 to encrypt password?

>>58351104
Some sites pretend to allow symbols, but quietly strip them out, so the password will work with them removed.

>>58348193
You're basing that on the assumption that the attacker will psychically know that you used a combination of English words as your password and run an attack based on that instead of running the standard rainbow tables and then character bruteforce password that is more likely to be successful.

>>58348193
>10 billion is approximately the amount of hashes a password cracking rig (given 4 Titan X) can compute in one second.
No it fucking isn't

i don't even know what the fuck you were trying to write

please take english 101 where you learn how to state your intentions, outline how you are going to prove your thesis, and then demonstrate with actual proofs within the scope of reference how your thesis was right / wrong

what the fuck did you write 'i dislike x' ' interjects some math that has nothing to do with passwords ' 'fuck you'

?????

File: [Ohys-Raws] Girlish Number - 11 (TBS 1280x720 x264 AAC).mp4_snapshot_17.49_[2016.12.22_19.43.24].jpg (77KB, 667x715px) Image search: [Google]

77KB, 667x715px

>>58348193
I love how I just saw that exact episode of computerphile yesterday

One thing you should consider in the XKCD Password is you are supposed to include the fucking spaces

File: 2772d0f94b84bdb83423c93359fe0c4e65df7931_s2_n1.png (1MB, 2000x1724px) Image search: [Google]

1MB, 2000x1724px

>>58348351
Gute Arbeit Brudi, weiter so.

>>58348193
You may be able to compute hashes that fast, but that's only useful if you can also efficiently check that hash against a known hash. If you don't have a leaked hash you're still limited to trying out passwords on whatever system that's asking for it, which will surely not be able to accept 10 billion tries every second.

File: CFNpnwnUsAArQcm.jpg (42KB, 600x450px) Image search: [Google]

42KB, 600x450px

>>58348479
don't let anyone disencourage you to learn a language, ever.

Talking in english might get you around in the west, but there's much more to this world.

Also every country has remote but worthy places where rural locals have trouble talking in english, or older people in general if they stayed in their country their whole lives.

As a german, we do try to be able to speak enough english, but we also hate to make errors while speaking, so you taking that burden from us greatly improves the chances of us already liking you.
Just deal with the fact that you will never be perfect. Once I realized that for Japanese and just worked on being fluent in my 8000 Words 1400 Kanji Comfort Zone, everything ever worked out somehow.

>>58348193
I often use some phrase from a song including capitalization and punctuation. I get easy to remember 20+ character passwords this way.
rate me /g/

>>58351913
some allow passwords above their character limit when you set them, then just strip the violating characters from your actual password.

almost flipped when i figured that.

>>58348193
You're not supposed to use any words in the 10000 most common, though.
>>58353079
You're also supposed to arbitrarily throw in punctuation in the middle of words.

>>58348193
Isn't a password manager the weak point though?

Anyone can get at it.

>>58348193
>Now, let's say you used a length of 4.
This is why I use a length of 7 or 8

>>58348378
>learning Haskell when you can just use JavaScript

>>58348193
The central point of the comic was that the 4 random word password was more secure than the “Tr0ub4dor&3” password.

As far as I can tell, you have not touched on this point whatsoever.

What if it's a slow hash?

Pretty sure that would take significantly longer

>>58354223
Irrelevant, the only point is to compare different methods of memorizing entropy

The point of the comic is that stringing together words is a much more efficient entropy memorization techniques than stringing together random symbols, unless of course you use mnemonic techniques to turn those symbols into words.

It pokes fun at the people who think a strong difficult is one that's difficult to memorize, and fail to understand the concept of “strength per effort”, which is what determines how strong you can make your password and get away with it.

>>58348193
>running a brute force on their password for 11 days when you don't even know if they used this type of password
>implying any website is gonna like you attempt 10 quadrillion logins

This might be useful if you actually have the hashes on your computer, even then they're probably salted. So multiply that by 1000 for each salt combination.

You realize rainbow tables are a thing anyways, right?

>>58354277
OK and then you have people writing it down on sticky notes next to their computers.

Great security

>>58348193
goto https://xkpasswd.net
https://github.com/bbusschots/hsxkpasswd

File: 1478937397772.png (38KB, 1302x656px) Image search: [Google]

38KB, 1302x656px

>>58348193
Am I the only person who can't fucking stand this libshit asshole's comics?

>HURR DE DURRRRRRR MORE CHARACTERS MEANS TRADITIONAL BRUTE FORCE ATTACK METHODS TAKE MORE GUESSES / TIME TO CRACK THEM
>HURRRRRRR DE DERP DURRRR 20 CHARACTERS WITHOUT A SPECIAL CHARACTER TAKES LONGER TO CRACK THAN 8 CHARACTERS WITH NON-ALPHANUMERIC
>DERP DE DOO LOOKIT HOW SMERT I AM HERE IS SOME MATH THAT IGNORES ALGORITHMIC REALITY WITHIN PASSWORD HASHING SOFTWARE LIKE HASHCAT

Just put a & or a # in your 20 character long 'correcthorsebatterystaple' password, you fucking dumb piece of shit.

>>58354329
?

>>58348251
You get it my man, that's how I do it. I feel like it's a lot harder to guess at a mental process.

>>58354354
not sure if convincing troll or legitimately retarded /pol/poster

>>58348193
I agree with you OP, passphrases is a stupid idea and it's as easy to crack as normal stupid passwords. Using the right algorythm and good libraries, a 4 word passphrase isn't really harder to crack than a 4 letter word.

I also use and recommend a password manager. However we have to acknowledge that it provides a single point of failure and can therefore be dangerous as well. Ideally it would be on a seperate device only for this purpose.

Fun fact: If you use password managers you will be astonished on how poor some popular services are when it gets to passwords. Using a 30 letter password with symbols, as OP recommended will not be possible on 90% of services.

File: 1481492167957.jpg (2MB, 1933x1795px) Image search: [Google]

2MB, 1933x1795px

>>58354385
Enjoy 8 years of President Trump and republican majorities everywhere.

>>58354354
I literally cannot read that nonsense paragraph that you wrote. Why don't you return once you have at least a basic understanding of English.
Reading comprehension would help too, so that you understand the point that the image is making rather than jumping to your fucking retarded conclusions.

>>58348193
> He hashes passwords using a checksum hash like Sha-1 or md5

Please stop.
bcrypt senpai and scrypt souhai won't notice you if you keep this up.

>>58348479
That's certainly true.

Viel Erfolg.

>>58354329
That would be an improvement over the current state of affairs.

>use a mental algorithm for all online passes
OR
>use a single incredibly complex password on an encrypted volume containing all your other passes

I combine both desu but with 2fa

>>58354411
Joke's on you, I live in New Iran

>>58348479
Lass dich nicht unterkriegen, eine neue Sprache zu lernen ist es immer Wert.

>>58348479
Germany is such an astonishingly beautiful and expressive language compared to English that I have to weep and sob every time I translate something

>>58348193
That's a lot of words to write: "general purpose hashing algorithms shouldn't be used for hashing passwords". OP, as always, is a faggot.

Femanon here. I'm not sure what OP is talking about but I'm pretty sure he is a faggot.

>>58354706
Femanon here, smd (:

>>58354481
You're not at risk of bruteforcing you fucking ape

accounts get locked down and a flag is raised when 100,000 attempted logins occur in a day.

Hell can't you set login attempts to once every 15 seconds?

>>58348193
>not using at least 3 different languages on your passwords

Are you trying to get hacked on purpose?

How many characters are in xkcd's example... Now do your math on that... Next go find something to actually be pissed at like password length limits or no password minimums.

>>58348193
Ultimately any dictionary word has the cryptographic strength of a single character.

That password has the same cryptographic strength as the word: derp

>>58348193
I don't think you read the comic and you might be retarded.

>Let's be VERY generous and use 10,000 of the most common words in the English language
Why? You're being way more generous than Randall is. This is the biggest red flag that you didn't even fucking read the comic. Randall allocates 11-bits of entropy per-word, which means he's only using a dictionary of 2048 words. There is no need to give his argument more leeway than this.

>10 billion is approximately the amount of hashes a password cracking rig (given 4 Titan X) can compute in one second
Yeah, hashes. You're about four orders of magnitude off for key derivation functions, which are in the millions and hundred-thousands. Let's do this properly:

8 NVIDIA GTX 1080s can compute 3 million scrypt hashes in one second.

2048 ^ 4 / 3 million = 5864062 seconds = 68 days

But wait, that's still not a lot. Let's read the comic again.

>1000 Guesses/sec (Plausible attack on a weak remote web service. Yes, cracking a stolen hash is faster, but it's not what the average user should worry about.)
Ding ding ding!

You're arguing a point that the comic didn't make. It even admitted it's not trying to say what you think it's saying. The only claim the comic made is that a four character passphrase is a stronger than the tweaked single-word password shown in the first panel. Whether this is true or not isn't important because you didn't address the issue in any way.

Yes, if you don't have to remember the password you can generate a much better password with a password manager, but that claim has no relation to the comic you posted. You just wanted to get upset about a popular webcomic.

>>58355730
This would be true if the English language had 26 words. Bravo.

>Master password KeePass
20-40 letter phrase with a special meaning, numbers and symbols that you will never forget

>Master password Apple
same as above, biometric data, iPhone code, bricking the device safemeasure

Website passwords:
>Critical (email, finances)
randomly generated with the password generator, as complex as the website allows and 2-step identification.

>Medium
randomly generated with default settings

>Low
something easy to remember

Don't put all your eggs in one basket.

>>58356090
>letter
I meant 20-40 words.

>>58353406
Some don't hash them. I once got sent a mail with my password in plain text when I was expecting a recovery link.

>>58348193
Your whole argument depends on the user using commonly used words in a pattern as shown in the comic.

Noone in their right mind does this, ever. Especially not people that are somewhat tech savvy.

What you SHOULD use is a combination of a retarded, hard to remember password and a simple sentence. Replace some letters with numbers, put in some typing errors and add special characters. It should still be easy to remember if you use some kind of selfmade system to create a password, while still being over 30 chars long and almost impossible to guess for a machine.

An example of a system to use:
Every 2 words replace all "o" and "t"s with numbers, instead of using spaces use special characters from right to left starting at the number of words in the sentence, end every second word with the birthday of one family member, starting with the oldest one etc. You can make up your own, easy enough to remember system since the possibility are practically endless.

Speaking from experience, I can remember a password like this when I have some kind of a system. Its long, guessable and insanely hard to crack.

>>58356625
>guessable
I meant un-guessable, obviously.

Also I forgot to insult OP.
>>58348193
stop being fucking retarded. No sane person takes this literally.

>>58348251
-31ywNAstLOD96+=

What's my algorithm?

>>58351196
>>1 uncommon japanese work written in romaji and written wrong
oh shit, how long is that work you're writing down each time? a few pages?

Mine are strings of random characters 20 something long. What I do when I need a new password is use a random string generator, then add one character each day. It's easy to remembee this way. When I get to the max size or stupid long, I stop.

File: 1471484076678.jpg (29KB, 412x430px) Image search: [Google]

29KB, 412x430px

>not using names of players who were on your original WoW server in 2005 as passwords
Literally impossible for anyone else to guess

>>58354329
if someone has physical access to your pC, you've lost anyway

>>58354570
French has that as well. It has certain beauty to it, and unfortunately English diluted the precision, the variety of it, along the way. French has such expressiveness to it that it makes listening/reading masters, true masters of the language, such a fun experience. Anything Jacques Bainville wrote is a work of art. I'm in the process of learning German, and I pick up on the dexterity that French manages so well, but that was lost in English on the way. It's such a shame neither German nor French became the international language: I understand, English has an ease to the language that makes it the ideal language for people to learn as a second language, but there's better way to express oneself. The eloquence in German just never reached English.

I don't think password strength is a limiting. Or even notable factor in security today.

People aren't gaining access by bruteforcing. They're gaining access through social engineering.

>>58356751
dadada

>>58348193
>he doesn't use romaji in his passwords

>>58353120
no, most of the systems are using either bcrypt, scrypt or pbkdf2 right now, which mean at most you can only process around 1000 hashes per second.

>>58355730
>Ultimately any dictionary word has the cryptographic strength of a single character.
Uh huh.

File: 1437796304000.gif (2MB, 320x240px) Image search: [Google]

2MB, 320x240px

Use dice ware.

According to this:
https://gist.github.com/epixoip/a83d38f412b4737e99bbef804a270c40

using 8 1080 can only calculate 105.7 kH/s for bcrypt, which is a common strategy for storing password.

>>58356939
>bcrypt
try again

common is MD5, followed by SHA1

>>58352003
If your security system depends on people not knowing the method of security you used to be secure, then it's shit.

>>58356716
>Implying I didn't play completely solo back in the day

>>58357133
But no one uses MD5 anymore because of how insecure it is.

>>58354570
>>58356741
I'm Polish and I feel the same about my language. It's much more precise. The verb itself changes depending on the person it's being used for. The information contained in polish sentences has a steady flow of information, you don't need to hear the whole sentence until you can start understanding something, unlike german or english where the sentence can end with something like "nicht" or "yet", completely changing the information the sentence is conveying. On the other hand polish has a lot of exceptions to its rules, unlike german which generally stays 98% true to its rules and has few exceptions in comparison. I admire how rigorious german language is. The thing about that language I'm not a fan of is the flipped 2-digit numbers, for example 28 is "achtundzwanzig" which in direct translation means 8+20 - in most languages numbers like that are composed like 20+8 (for exmaple "dwadzieścia osiem" in polish). I can see this being better when reading numbers very close in order to someone out loud - when reading something like 22 24 26 28 you would start each of the numbers with the part that is changing, conveying the more important information a little bit faster.
Can't say anything about how french because I wasn't learning it. I heard that the French generally have a "speak our language or get the fuck out" mentality and refuse to learn other languages themselves. That's a stereotype but stereotypes don't come from nowhere.

>>58357298
it's not so much that they refuse to learn other languages as they have a whole institution dedicated to preserving the French language that actively resists the incorporation of foreign vocabulary into daily use.

>>58357298
>flipped 2-digit numbers
But that's the only real way to do it. It's partly done in english. You say e.g. fourteen, not tentyfour.

>>58357353
Only for the tens though.

>>58357218
HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

>>58357298
>he thing about that language I'm not a fan of is the flipped 2-digit numbers, for example 28 is "achtundzwanzig" which in direct translation means 8+20
Literally no German likes that. I generally just accidentally pronounce it in the english order, e.g. I'd call 28 “zweiundachtzig”, and my friends do the same often enough to the point where we've just gotten used to it.

>>58356716
>Implying I don't use Xbox live and steam tags instead

You'll never guess what xXIN0Sc0peTh3PopeXx is the password for.

>>58357503
I'm so used to it, I don't give it any further thought.

And I don't know any native german speaker who has issues with mixing it up like you do. If anything, you should call it 'zwanzig acht', not 82.

>>58357649
>And I don't know any native german speaker who has issues with mixing it up like you do. If anything, you should call it 'zwanzig acht', not 82.
I'm a native German speaker.

>>58357695
I don't know you. Probably.

I've actually one guy who had a bit of an issue with it. But I'm not sure if he was raised in germany or not. Victor.

>>58348193
You are on 4chan, which means you swim in dirty water.

If I backdoored your computer I sure as hell would make my first few kilobytes a lookarround for saved-fucking-passwords.

Also: one hard drive failure and your identity is so thoroughly gone you may as well move back into Mum's house.

INB4 some moron says "lets just upload all our passwords into a cloud".

>>58357813
what do you define as kilobytes though. 1000 bytes, or 1024 bytes?

>>58357813
>is on /g/
>doesn't have RAID+snapshotting+regular backups to external drives

>>58357813
The risk of forgetting your passwords if you memorize them by hand is far greater than the risk of losing your passwords by fuding all your copies

In both models, you're making the assumption that you can recover services to which you lost the password. The difference is that with one, you basically have to *rely* on this being possible, because good luck trying to remember 100 different unique per-service passwords of sufficient strength.

>>58357856
One kilobyte is 1000 bytes. One kibibyte is 1024 bytes. Unless you're from Microsoft.

>>58348193
The comic compares two password schemes.
It assumes in both that the attacker knows the exact scheme you're using.

And the first one is indeed weaker under that assumption.
It is not a completely random combinations of letters and symbol, it uses a base word and does slight modification to it.

The comic even uses a smaller dictionary for the passphrase: 11bits, so 2048 words. But 2048^4 is still bigger than 2^16*2*8*8*4*2

A with password like this z[ZF7r*qmv]!X it is best to remember it multiple ways, then link the memories together. The order of how you remember it doesn't matter as long as there are at least a few, you can type it out over and over in a text editor and remember the finger locations like muscle memory, or you can make up a story about the characters, or you can write it out by hand over and over, and you can say each character aloud in your mind or verbally. After combining a few of these, then re rehearsing and reciting it on a daily basis there is usually not a problem remembering it. If there are only about 12 characters it's not bad either. Possibly creating words out of the characters is another way, as long as one single method of remembering is not relied upon.

Little zebra in a bracket Zoo Fucked by 7 raccoons seeing stars and is queen of (m)o(v)ing the last bracket ! e(X)claim I don't know get creative with it but if the story has a personal meaning like something that happened in the day and link it to that it can be even more memorable.

>>58358221
It's worth noting that the comic goes out of its way to highlight the *effort* associated with memorizing any particular amount of entropy, as well as the entropy associated with the schemes presented.

It doesn't take much effort to notice that the CHBS technique can be extended to 5, 6, 7, ... words depending on your desired compleixty, and you will always gain more entropy while still being able to easily memorize it than you would out of an equivalent “difficult” password.

That's the thing nobody seems to get about password schemes: It's all about entropy-vs-effort. You can assume you have some fixed memorization capacity per password before you start forgetting it again, so the goal is to extract the most amount of useful entropy out of that memorization budget. The answer, of course, is to use mnemonic techniques instead of relying on random symbols and other things that humans simply can't memorize.

>>58357298
I'm French. The reason why the stereotype exists is because most if not all french countries are part of an international organization to standardize french and prevent it's degradation via the adoption of anglicisms. It's especially true in regions where the french speakers are completely surrounded by english speakers. Such as Quebec (which has managed to keep its french relatively pure for 250+ years of english occupation, despite a sizable portion of its population now also speaking english) or african colonies.

As for the number thing. I can't speak for polish or german, but french is pretty similar to english when it comes to numbers. Twenty-eight for instance is Vingt-huit. Vingt meaning Twenty and Huit meaning Eight.

It stays the same no matter the length of the number.
"Two-thousand two-hundred thirty-three" (2233) would be "Deux mille deux cent trente-trois"

One major difference between french and english is the fact that adjectives are reversed and that nouns are gendered. For instance. "Une fleur bleue" would be "A blue flower" and the "e" at the end of "bleue" denotes that a flower is female gendered. It becomes second nature to "guess" what gender a specific thing is in french, but it's by far the hardest thing to learn and it's by far the most common error I hear whenever I hear non-native french speakers talk, they tend to gender everything masculine.

>>58358278
>random letters and symbols inserted into his story
somebody needs to read the xkcd comic

Why are you wasting memorization effort on pointless symbols that increase your password's strength by 0.001% but make it 50% harder to memorize

>>58358299
Because i have schizophrenia, plus what about a word list. List of all words instead of combining single characters combine single words in a password.

>>58358289
French numbers are shit.

4-20-19 is how you say 99 in French.

>>58358345
>Because i have schizophrenia, plus what about a word list. List of all words instead of combining single characters combine single words in a password.
?

>>58358289
>As for the number thing. I can't speak for polish or german
How come German kids are forced to learn French in school but French kids aren't forced to learn German?

>>58358289
>whenever I hear non-native french speakers talk, they tend to gender everything masculine.
Isn't that just reddit?

>>58358397
>forced
You usually get at least one alternative like Latin.

>>58358289
>but it's by far the hardest thing to learn and it's by far the most common error I hear whenever I hear non-native french speakers talk, they tend to gender everything masculine.
What fascinates me about word gender is how easy it is to “guess” word genders for words you've never heard before, just based off the sound; as well as the degree of similarity in word gender between the various languages. Like a word that's male in german is often going to be male in other languages as well. Part of it has to do with gender roles in language, i.e. the “soft” feminine and the “hard” masculine, another part of it probably has to do with close language contact and words being shared between languages or developed via the same linguistic routes.

>>58358422
Oh great, so I get the choice between learning a language that's at least useful and a language that's literally dead

>>58358383
A list of all words is the alphabet in the cracking program, and you choose 4 or 5 of them to combine over and over as attempts.

CowDogCatDeer
CowCatDogDeer
CowDeerDogCat
CowDeerCatDog
CowDogDeerCat
CowCatDeerDog
ManBearPigZebra

This is only if you knew that password was a four word combination.

If a modern system does not have any sort of login failure daemon then they are a failure. Brute-forcing in 2017 shouldn't be a thing. You could even set it to something like 30 tries before it locks.

If Stacy fails her password 30 consecutive times then her name should be forwarded to some sort of notification system that dispatches a death squad so she does not contaminate the gene pool any further.

>>58356668
>finding a sequence from one value

>>58358477
Not really related but this thread is all over the place anyway:
I fucking hate overzealous login failure mechanisms.
Like getty, a single wrong attempt and it makes you wait a few seconds.
As if a brute-forcer needs only two attempts to crack a password.

>>58358379
True, it's an issue when it comes to numbers above 70. Seventy is "Soixante et dix", 60 and 10. 80 is "Quatre-vingt" 4-20. And 90 is "Quatre-vingt-dix" 4-20-10.

Although that's not universal to every french countries, Belgium, for instance, doesn't have this problem.

>>58358397
I don't know about that, I'm not from Europe. I had mandatory English and semi-mandatory Spanish classes instead when I was young. I'm thinking about picking up German actually. In Canada I know that both English kids are forced to take French classes and French kids are forced to take English classes.

>>58358403
I know you're joking, but it's really a standard issue with people learning French. It's a quirk of the language and it has to become instinctive because it would be impossible to memorize all of it. You often hear people say things like "Je me suis acheté un table de chevet pour mon chambre" (I bought a nightstand for my bedroom) but "Table" and "Chambre" are gender female. "Je me suis acheté une table de chevet pour ma chambre" would be accurate.

>common english words
Good thing I use a combination of different languages.
Klingon is very good if you need special characters and capital letters while having easy to pronounce passwords.
Although apg is always good for inspiration.

File: 1483046344577.jpg (25KB, 323x454px) Image search: [Google]

25KB, 323x454px

>He doesn't use phonetic latin phrases as passwords

>>58348193
>Not using 4 random words in 4 different languages.

File: 1459224502327.jpg (19KB, 390x356px) Image search: [Google]

19KB, 390x356px

>>58358648
>He doesn't use bushman clicks interspersed with Esperanto as passwords

>>58358678
>>58358630
>>58358648
You guys are missing the point.
That's not what the comic was trying to teach.

>>58358469
Yes, that's the threat model we're operating under. I'm not sure what exactly your question is?

>>58358451
Aren't bridges feminine in German? What part of a bridge fits traditional gender roles?

>>58356668
Easy, you use that password for every service

>using words as passwords

>>58358705
>What part of a bridge fits traditional gender roles?
men walk all over it?

>>58358705
They're usually wide open arches ?

A bridge is masculine is French by the way. Un Pont.

File: 1474309263688.png (34KB, 155x162px) Image search: [Google]

34KB, 155x162px

>>58358681
>He doesn't use phonetic pronunciations of entire works of German literature converted to raw binary as passwords

>not using fingerprint recognition in place of a password

>>58358221
there is a problem with the first scheme, the additional bits for changing the password are only more or less accurate for exactly the given format. For example, changing the single digit to an arbitrary number of say at most 6 digits gives 20 bits of entropy instead of 3, and 28 + 20 - 3 = 45 > 44.

(yes I know, nobody picks a 6 digit number at random and memorize it, but you can easily get it from a year, a date YYMMDD, a phone number, etc.)

>>58353127
>but there's much more to this world
poor countries nobody sane would choose to live in

>>58358757
>He doesn't use laser scanned cuneiform tablets as passkeys to access his computer instead of a password. Literally un-crackable (unless the tablet cracks).

>>58358705
It's die Überbrückung, die Überführung, etc.
makes sense

>>58348193
>use a random password generator to make a password at least 30 characters long
>at least 30 characters long

You sound clinically insane.

>>58358772
Might as well have no password

>>58358773
>yes I know, nobody picks a 6 digit number at random and memorize it,
So why mention it? The comic was based on what people literally do, and the status quo based on asking my peers and my own past experience (before I started using diceware + password managers) seems to be ‘one digit at the end’, or ‘one symbol and one digit at the end’ if you were forced to include a symbol

>>58358789
>die die die
Now I know why Germans are so aggressive all of the time, the language is contaminating them!

Jokes aside, when I was in the U.S. as a kid and brought over a box of ‘Die Sims’, my friend literally thought it was a game where you had to do stuff like make the sims drown in pools etc.

>>58358882
What's wrong? Too short?

>>58358997
On the contrary.

If you had such a password made of only random lower latin letters and digits and if every person on earth had a computer 1 billion times faster than current state of the art and if they all united for a coordinated efort to break your password, it would take them something like 200 billion years.

>>58359198
That's great

>>58359215
Pointless overkill is what it is. Especially taken into account the fact that KeePassX uses multiple hashing rounds, making password cracking that much slower. 20 or even 16 symbols may serve you just as well.

>>58359273
What's the harm done by using 30?

>>58359286
If you are using such a password to encrypt your password store, it takes longer to type and you're more likely to forget it.

If you only ever use one device and don't ever have to share passwords with anyone else, and never have to use these paswords in a context where copy-pasting is not an option, then yeah, go ahead and use this password for your online account. But i bet you, once in a while you will have to look up that password and type it yourself, and it will be pain in the ass.

>>58359378
I thought anon was talking about the passwords generated by the password manager

>>58359467
yeah I was wtf

File: im_with_her_2x.png (113KB, 1480x1265px) Image search: [Google]

113KB, 1480x1265px

>>58348193
>xkcd

>>58358899
>So why mention it?
Because you need to pick a number (or word...) at random to get the full entropy, but usually you pick already known numbers that you can easily remember.

If the attacker doesn't know what number you picked, he is forced to check them all.

So Tr0ub4dor&530316 (say from a birthdate) is harder to break than correct horse battery staple.

>>58359575
I'm willing to bet the numbers picked follows zipf's law, with 1 being the most common and so on.

>So Tr0ub4dor&530316 (say from a birthdate) is harder to break than correct horse battery staple.
My point was that people don't seem to use this, so your comment is irrelevant. People in practice use 1 at most.

>>58354210
>Learning haskell when computers know more than you from you

>>58359643
>530316 (say from a birthdate)
someone old enough to qualify for medicare would likely just use "password" as their password

>>58359572
Did he put up an angry strip when (((she))) lost?

>>5834819
you compare it to something like larson
it's shit

>>58359643
My point was that the format in the comic is too limiting. You can get the same level of hardness by saying to add the postal code/birthdate/phone number/... to the password, without extra difficulty in remembering.

>>58359749
say that to mister Richard Matthew Stallman (born March 16, 1953).

>>58360131
Your postal code, etc. wouldn't add any entropy at all since it is not random.

>>58356716
>Implying that this shit isn't in a dictionary

>>58360131
stick figures and 'clever' text

utter utter shit

>>58360131
http://www.datagenetics.com/blog/september32012/

>>58360131
Too predictable

>>58359467
>>58359541
Yeah, well, perhaps he was talking about passwords _in_ password store, not _for_ password store. If that's the case, he may not be clinically insane.

I used to have long random passwords stored in keepassx. But it was annoying way too often. E.g. a guest asks for my wifi password. Or clipboard sharing doesn't work through remote desktop. Or I want to login to some service on my phone (don't really want to use keepass for android). Or some other annoying shit happens. To be honest, there's not much point in having super secure passwords for simple services.

>>58362008
Forgot to add that I don't think my use case is the same as everyone else's. My point only applies fully if he was talking about using 30 symbol password to encrypt password store, anything else is just blog-tier babbling.

>>58356741
French should have been the international language because they can't manage to learn english and because of this I'm quite ashamed of my country.

French is gorgeous because of the 19th and 20th century
Go check Some poems from beaudelaire, rimbaud or appolinaire (la chanson du mal aimé is awesome). Bonus point if you listen to Léo Ferré singing them (his interpretation of Le Bateau Ivre is amazing).
But even in literature, one you got it and start to look at the meaning of the words, you realize how great some texts are.

I just remember one for my keepass database then generate the rest randomly. Only time I will make a memorable password is if I need to use that password on a semi-regular basis without my KP db, which I've only needed to do for like, two things.

>>58357188
Then you missed out on everything good in it, the community is what made WoW great

>>58360195
nothing is random you dumbfuck. everything is only pseudo-random

File: free_door.png (78KB, 566x577px) Image search: [Google]

78KB, 566x577px

>>58354354
Everybody hates Randall

>>58348193
My passwords are ~20 characters long and pretty much look like random characters.