Thread replies: 28
Thread images: 5
Thread images: 5
File: 1502238123170.png (282KB, 740x601px) Image search:
[Google]
282KB, 740x601px
Oh hey guys how accurate do you think this xkcd comic is?
>>
>>61817242
It doesn't take dictionary hacks into account, just bruteforce.
>>
>>61817242
Die in a fire you piece of shit.
>>
>>61817260
/thread
>>
>>61817260
You know very well it takes dictionary attack into account. Cunt. 44 bits = 11 bits per word; 11 bits per word with non-dictionary brute force attack is no more than 3 characters. Not enough even for 'horse'.
>>61817292
You too.
>>61817282
Patience. I have something very nice prepared for this thread.
>>
So someone posted this exact thread earlier, and I argued with some asswipe about how top panels are a bad representation of what people actually use as passwords, which, if true, completely discredits author's snarky statement at the bottom of the "comic".
My experiment is checking a list of most popular passwords to see how many of them match the scheme provided in top left panel.
This is the list of English words I used: https://github.com/dwyl/english-words/blob/master/words_alpha.txt
370k words; author assumes just 66k words in his comic, so I'm using a dictionary much larger than what he uses, with 18.5 bits of entropy per word instead of 16.
A million popular passwords: https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt
This is the script I used: https://pastebin.com/cv46xZ4C
Instead of his 4 bits of entropy for punctuation, I use 5, all ascii punctuation; instead of his 3 bits for digits, I use 3.3, all 10 digits.
And it turns out that out of a fucking million most popular passwords, his scheme in top panel matches just 80.
Here they are: https://pastebin.com/2RuePSRf
>>
>>61817260
dictionary attacks won't really make any difference.
>For passwords generated by a process that randomly selects a string of symbols of length, L, from a set of N possible symbols, the number of possible passwords can be found by raising the number of symbols to the power L, i.e. N^L
If you have a dictionary size of 10,000 works and you pick a length of 4 words, you end up with 10,000^4 combinations you need to go through with a dictionary attack.
Increasing the length of your passphrase makes things tougher than increasing the lenght of your password by 1 letter.
The jump from a 8 to 9 letter password (62 possible characters in use) goes from 10^14 to 10^16
Meanwhile going from 4 words to 5 (10K word list) jumps from 10^16 to 10^20
>>
File: beer_2x.png (85KB, 1198x564px) Image search:
[Google]
85KB, 1198x564px
>>61817242
>XKCD
>>
File: im_with_her_2x.png (113KB, 1480x1265px) Image search:
[Google]
113KB, 1480x1265px
>>61817587
moar
>>
>>61817587
Beer is shit though - it's an acquired taste which means it's not inherently tasty.
>>
>>61817587
Are you saying he's no fun at all?
>>
File: 1479695879628.jpg (88KB, 717x880px) Image search:
[Google]
88KB, 717x880px
>>61817815
>>
>>61817870
Underage pls go
>>
It's a 2 on my accuracy scale.
>>
>>61817895
>someone was asshurt enough to make this
You lost, get over it.
>>
>>61817242
Seems legit. I'm changing all my passwords to correcthorsebatterystaple right now.
>>
>>61817905
Reddit pls
>>
>>61817926
Tumblr pls
>>
>>61817242
This is secure for online passwords, since most online services have authentication protection for wrong passwords. For local passwords then yes, it's probably a bad password to just add a string of random words.
>>
>>61817934
4chan is traditionally liberal
You think all those trap threads are a joke?
>>
>>61817870
Maybe you're drinking shitty beer.
Single malt scotch is shit tho.
>>
>>61817944
Last (You)
>>
File: oh_look_its_this_thread_again.jpg (8KB, 200x118px) Image search:
[Google]
8KB, 200x118px
>>
It's bad advice, because it only works well for a few passwords. Since you want to be using a different password everywhere, your best option is to use a password manager that generates a random string as long as permitted to be your password for each site/account.
>>
>>61817944
wow I never looked at it that way...guess I should've voted for Hillary.
>>
>>61818010
>Being a burgerfat
>>
>>61818005
>a random string as long as permitted to be your password for each site/account.
Problem with that is that it's almost impossible to know how long you can make it. And some sites are so stupid they just shorten your password to the max length instead of telling you the length or notifying you that your password isn't allowed.
I just stick to sane lengths of about 20-30 characters (which are still too long sometimes).
>>
>>61817260
it does
http://www.explainxkcd.com/wiki/index.php/Password_Strength
Thread posts: 28
Thread images: 5
Thread images: 5