
/pg/ - password general


Thread replies: 49
Thread images: 4

File: password_strength.png (91KB, 740x601px)
Discuss passwords and techniques you use to make strong passwords
>>
123454321@#$_&_$#@
>>
>>60607833
Wouldn't a dictionary attack crack that kind of passwords in like 10 seconds though?
>>
>>60607833
I write a bunch of random letters and numbers on a notepad and use that as my password.
>>
>>60607880
Yes. XKCD is retarded.
>>
>>60607833
I often use a single verse from a song, which contains a number or a date, complete with punctuation
produces long passwords, easy to remember, and I hope they're hard to guess
>>
>>60607880
this
>>
>>60607880
I think that combining the two methods to get something like h0rseb4tterys7aple might be the best solution
>>
>>60607833
since i first saw that comic I changed all my passwords to correct horse battery staple and have never been hacked
>>
>>60607880
The search space for dictionaries is MUCH larger than characters. Maybe if you pick only a couple of very commonly used words, you could get dictionary attacked, but if you do it properly, it just becomes infeasible.
Just pick a bunch of obscure words, and maybe even make some of your own up. Then, if you REALLY want to make your password, chuck some random special character in some random place.
hippocampusboronbur_genascension
Good luck trying to crack something like that.
>>
>>60607833
Well, I just use keepassx and generate random 50-chars passwords. I made sure and changed all my passwords so that they don't repeat.

I also don't give a fuck about mobile.
>>
>>60607922
That’s personally what I do, plus I randomly add special characters, so my password is both easy for me to remember but also extremely hard to find. Plus, good luck finding my original words in a dictionary.
>>
>>60607880
XKCD doesn't like logic.
>>
>>60607912
>>60607918
Retards
>>
>>60608360
And you do? There are far more words than there are characters, retard.
>>
>>60608373
Why are you so upset?
>>
>>60607840
Does this really work?
>>
>>60608286
>random 50-chars passwords
Most websites that I've seen don't actually support passwords that long. It's retarded.
>>
File: wake_me_up_by_mrlorgin-d9o5uzv.png (623KB, 1024x576px)
>>60607913
>>
>>60608011
I've heard that 4 words found in a regular English dictionary is about the same as 8 random letters and numbers.
>even make some of your own up
Creating your own language and writing your passwords with that is maybe the safest, since
you would get long passwords with words that aren't in a dictionary.
>>
>>60608822
The safest would always be to have random characters for any length of password.
>>
>>60608839
Yeah, but then you have to use a password manager or something to remember them.
>>
>>60607840
I've gotta add this to my word lists.
>>
>>60608876
or you learn them by heart.
i have three different passwords of random alphanumerical of upper and lower cases memorized, all three of length 19 (i like 19)
>>
I just use the same password for everything except my emails and my runescape
>>
>>60609054
I'm not autistic enough for that.
>>
I have a random sentence written in Chinese pinyin for my passwords.

For example: I want to eat chicken and beef! --> Woyaochijirouheniurou!
>>
>>60607833
>Plausible attack on a weak remote web service. Yes, cracking a stolen password is faster, but it's not what the average user should worry about.
That's retarded, the average user is more likely to have his email + password hash + username combination already out there in one of those multi-million entry database dumps than they are to become the victim of a targeted attack.

>>60607880
When he calculates the entropy for the four words, he doesn't calculate it like 26^(number of characters), because then he would have gotten 117, but he assumes that every word has 11 bits of entropy, regardless of length, so he basically assumes that we chose four of the top 2000 words and the attacker is doing a dictionary attack.
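
Added example (not part of the thread or any poster's code): the two models contrasted in the post above, per-character brute force versus 11 bits per word from a 2048-word list, applied to passwords quoted in the thread. SAMPLE_WORDS, the leet table, the 33-symbol count and the one-bit-per-swappable-letter cost are constructed assumptions.

```python
import math

# Constructed stand-in for a real wordlist; entropy uses WORDLIST_SIZE (assumed
# 2048 = 2^11, the "11 bits per word" model from the post above).
SAMPLE_WORDS = {"correct", "horse", "battery", "staple"}
WORDLIST_SIZE = 2048
LEET = str.maketrans("04371$@", "oaetlsa")  # assumed table of common swaps
SWAPPABLE = set("oaetls")                   # letters that have a leet form

def charset_bits(pw):
    """Brute-force model: every string over the character classes in use."""
    size = 26 * any(c.islower() for c in pw) + 26 * any(c.isupper() for c in pw)
    size += 10 * any(c.isdigit() for c in pw) + 33 * any(not c.isalnum() for c in pw)
    return len(pw) * math.log2(size) if size else 0.0

def split_words(pw, words=SAMPLE_WORDS):
    """Undo leet swaps, then segment into the fewest list words (None if impossible)."""
    s = pw.lower().translate(LEET)
    best = {0: []}                          # best[i] = fewest-word split of s[:i]
    for i in range(len(s)):
        if i not in best:
            continue
        for j in range(i + 1, len(s) + 1):
            cand = best[i] + [s[i:j]]
            if s[i:j] in words and (j not in best or len(cand) < len(best[j])):
                best[j] = cand
    return best.get(len(s))

def dictionary_bits(pw, words=SAMPLE_WORDS, list_size=WORDLIST_SIZE):
    """Word-combination model: attacker knows the format and the wordlist."""
    found = split_words(pw, words)
    if not found:
        return None
    bits = len(found) * math.log2(list_size)
    joined = "".join(found)
    if pw.lower() != joined:                # leet rules needed: 1 bit per swappable letter
        bits += sum(c in SWAPPABLE for c in joined)
    return bits

def estimate_bits(pw):
    """Strength is set by the cheapest model that covers the password."""
    c, d = charset_bits(pw), dictionary_bits(pw)
    return c if d is None else min(c, d)

if __name__ == "__main__":
    for pw in ("correcthorsebatterystaple", "h0rseb4tterys7aple", "aB3dE5gH"):
        print(f"{pw:28} brute-force {charset_bits(pw):6.1f}  estimate {estimate_bits(pw):6.1f}")
```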
>>
>>60609054
Having the same password across services is way worse than having a slightly less strong unique password. Plenty of services get their passwords leaked somehow.
>>
>>60607897

I make extremely long & masculine ones. I usually group my waifus' names and inject numbers related to dem and a random two character to separate each waifu. Its order changes depending on what waifu I am more into; there can be as much as 5 waifus, and some of them aren't even from Japanese media.
>>
File: cease.jpg (19KB, 436x335px)
>>60609163
>more than one waifu
Heretic!
>>
>>60609129
i have three different ones
>>
>>60609204
Yes, I read that. I also assumed you don't use only 3 services, which seems like a valid assumption. So you'd still be having the same password across different services.
>>
>>60607880
it would if the attacker knew it was four dictionary words. Individually "correct", "horse", "battery", and "staple" would be trivial to crack via dictionary. However "correcthorsebatterystaple" would not. This is of course assuming "correcthorsebatterystaple" isn't in an attacker's dictionary, but after XKCD it most certainly is.
>>
>>60609241
They totally use methods that combine different words. That's still a dictionary attack, right?
>>
>>60609235
i also use the same password but twice, or one password with another password after it.
(i do have some repeated passwords in between services, should really change that, thanks for reminding me)
>>
>>60609241
wow, are you serious? a dictionary attack finds that out just as easily. you simply don't put spaces in between when cracking
>>
Op.is.a.fucking.faggot.done0
>>
FYI NIST just called your nonsense password rules now defunct and inherently less secure than just letting people choose their own passwords.
>>
i do for example
echo "[email protected]" >> ./.pass && head -c20 /dev/urandom | base64 >> ./.pass


that way i get a random 20 character password directly appended with its area of use into a dotfile

you could even use it as a script
#!/usr/bin/env zsh
echo "$1" >> /home/me/.pass
head -c"$2" /dev/urandom | base64 >> /home/me/.pass



unless you're a pedo a dotfile should be concealed enough
>>
>>60607833
That's the theme for my cloud fap folder's password
>tfw it's the strongest password I use
>>
I use my bank card number 7134 3333 1242 0963 that way I always remember it. For longer passwords I add that 3 digit code thing on the phone back - 133

Safe as houses anons
>>
File: 1484808803215.png (174KB, 308x308px)
>>60609557
>>
>>60609513
why not encrypt with salt?
>>
>>60609380
He's not talking about putting spaces in between, he's saying that a password of a single word like "staple" would be easy to crack. Generally crackers run through single words first, because there are a lot of weak passwords of just one word.

The point is that if the attacker knows the format of the password, then it's much easier to crack. But generally, they don't, and they shouldn't.
>>
>>60609583
I don't understand - what's wrong with that?
>>
>>60609592
i don't really trust encryption on a single physical drive due to data being much more easily unrecoverable in errors
probably hashing the passwords and names is a good idea though
>>
>>60609645
>not having RAID stack with 6 levels of redundancy
>>
>>60608822
>I've heard that 4 words found in a regular English dictionary is about the same as 8 random letters and numbers.

Yeah, that's why I disagree with using plain english words in passwords.

I think that if you develop a few bizarre substitutions that you always apply (like always using 'W' instead of 'U'), then you'll avoid the problem of forgetting the substitution, and you'll have a stronger password because it won't match a dictionary attack. Of course, the substitution needs to be bizarre enough -- e.g. don't do the cliché '4' instead of 'A', because they do account for that in the dictionary attacks. Also, avoid any "smart" patterns (like cyrillic substitution -- using 'P' instead of 'R' and so forth); and avoid any simple patterns (like always doubling certain letters, or always using an adjacent key on the keyboard).

All that's needed is just a few bizarre, personal substitutions that you always do on every password, and then restrict yourself to using only words that you can apply the substitutions on.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.