/g/ - Technology



How the fuck is
horse battery dildo stallman smartphone jazz basedbean

a more secure password than
Q2O?`0|;az6<j>9A8BgNzdKg@exCu@


How does /g/ come up with their passwords?
>>
File: pass.jpg (190 KB, 839x1010)
>>65968481
Do the maths
>>
>>65968481
Adding more total degrees of entropy (making the password longer) is usually better than making each degree larger (adding more symbols)
>>
>>65968481
More characters = more entropy = harder to brute force.

HOWEVER, combining only a couple common words is susceptible to similar attacks, using dictionaries. Realistically, the strongest, yet still memorable passwords combine passphrases with some symbol replacement somewhere.
>>
password manager
30+ char random string
plenty strong
https://lowe.github.io/tryzxcvbn/
if you're trying to remember a password
you're doing it wrong
>>
>>65968481
is it possible to hire niggers to dance at your funeral?
>>
>>65968529
2+2=4-1=3
>>
why are all those people carrying coffins of passwords i don't even get it
>>
My passwords are fucking lazy. I'll make a 6 or 8 digit random number / letter password, then double it up by typing it again, but while holding the shift button.
12 or 16 digits of uppercase, lowercase, numbers, and symbols. Fuck it, good enough....
>>
>>65968620
>2+2=4-1=3
Did you just say that 2+2=3?
>>
>>65968618
>>65968618
whoa fucking racist much?
>>
Set all your passwords to "Password123", they won't expect that, amirite?
>>
>>65968618
It's really respectable. When people die, they are celebrated rather than mourned.
>>
>>65968641
Sorry...
2+2=4
4-1=3
Just some quick maths.
>>
>>65968669
Maths are powerful things, anon, you have to make sure not to make any mistakes, lest you make a mistake like that again.
>>
File: Spaceballs-12345.jpg (98 KB, 1224x792)
>>
>>65968481
> flip to a random page in a textbook
> find a weird word
> add some numbers and special characters
> stuff like =+WignerCrystals834
That's what I do if I actually have to remember a password. I usually use LastPass though.
>>
>>65968481
>>65968529

Top password:
lowercase characters - 26 options
spaces - 1 option
total options - 27
Length - 54
27 possible character options for each of the 54 positions in the password - 27 ^ 54 total possibilities to check

Bottom password:
lowercase letters - 26 options
uppercase letters - 26 options
numbers - 10 options
special characters - 33 options
total options - 95
Length - 30
95 possible character options for each of the 30 positions in the password - 95 ^ 30 total possibilities to check

If you were just going to randomly check each possibility using only the possible character options, the top password would take several times longer to crack. However, if you were going to combine 7 english words together to get a password, then the calculation is
English words in dictionary - 171476 options
length - 7
171476 possible words for each of the 7 positions - 171476 ^ 7 total possibilities to check

Which is magnitudes less than the original

>How does /g/ come up with their passwords?
Randomly generated alphanumeric strings, as long as possible, stored in a password manager
>>
>>65968716
What fucking luggage has a five-digit combination?
>>
>>65968785
what happens if your computer crashes, or you're on another machine? how do you access those?

inb4
>da cloud
>>
>>65968803
Dropbox. The password database is encrypted with a strong password, the long weird phrase type with some numbers and symbols sprinkled in it for good measure. I'm not worried about my passwords getting cracked, I'm more worried about reusing passwords.
>>
File: Him.jpg (147 KB, 1920x1035)
>>65968787
His apparently.
>>
>>65968583
Nope. Dictionary attacks are only relevant when your password is a single word or just a few really common words. A password generated randomly using an entire dictionary (sans words less than four characters) will quickly add entropy.

fH6d#x9Hl*Ps

has roughly 58 bits of entropy.
disregard lost gate what

has roughly 90 bits of naive entropy and is way easier to remember.

>But dictionary lookups!
If the latter password was randomly chosen from a dictionary with 50,000 words (and the attacker knew which words were in the pool!) then the best attack would be against an entropy of 50,000^4 or 2^62. Adding one more word makes it 2^78.
>>
>>65968481
Is it more secure to use uncommon yet cromulent words like embiggen?
>>
>>65968785
This assumes that the attack has more information about your password than they realistically would.

The attacker knowing that your password is exactly 7 english words separated by spaces is about as likely as the attacker knowing half your alphanumeric password.
>>
Are simple phrases of 5 words secure?
>>
>>65969324
I mean, random words are secure. But are they also secure if the words are a common phrase (but not in a known password database).
>>
>>65968481
>How does /g/ come up with their passwords?
Ez
dragon dildo ass shovel
>>
>>65969293
Of course, which is why the top password would be considered secure although when you look at it, it seems like it shouldn't be.

It wouldn't be secure if the attacker knew more information about how your password is formatted, but they don't know this info--that's why it's secure!
>>
>>65968618
In Africa my dude
>>
>read about how people pick passwords
>try it on my brothers phone
>he's always somewhat paranoid about security and says he has a difficult swipe pattern
>swipe the first letter of his name
>im in first try
>>
>>65968481
I use the first names of minor characters in fantasy books, usually 3 names with a number between the 3rd and 4th letter of each name. Is that secure?
>>
>>65969117
let's say you cant write 40 letters / numbers / symbols, for simplicity sake
40 ^ 12 = 1.6777216E+19 different passwords
50000 ^ 4 = 6.25E+18 different passwords
so, in your example, the first example is more complex than the second, making a bruteforce attack
>>
File: Diceware-Dice-Rolls.png (37 KB, 728x654)
>>65968590
>30+ char random string
if youre using unintelligible passwords youre doing it wrong
1st, online password dont need to be super secure
2, not repeating passwords is king
3, no chosen passw related with anything, must be random
4, theres no reason it cant be words instead of @*!@¨#!@*#¨!@*#¨

diceware always, less than a handful of words for online shit, you end up memorizing a few of them, bonus

what are you even using as a master password? did you memorize a 30 special chars sequence? 9 words or less with youre bilingual would have sufficed
>>
>>65968716
>>65968866
:)
>>
>>65969524
yeah no, that anon was wrong by parameters but not in strategy
lets say you can use 80 symbols
80^12 = 10^22

he also considered too many words, even you did 50k
14k more or less "uncommon but not alien to most grad schoolers" english words
five words = 10^22

whats easier to use, type, remember? ofc as a master pass you would use a 10-word
>>
File: 13742795233493543.jpg (26 KB, 433x380)
My question is why would anyone care about dictionary attacks when most websites lock you out after 5 attempts anyway
>>
>>65969676
>80^12 = 10^22
80^12 = 6.87*10^22
>14k more or less "uncommon but not alien to most grad schoolers" english words five words = 10^22
14000^5=5.37*10^20
come on man, do your math.
>>
File: brainlet.jpg (48 KB, 645x729)
>>65969682
Dictionary attacks happen after the password hashes are stolen. Nobody tries to literally log in as you a million times.
>>
File: 1437175423790.png (16 KB, 174x231)
>>65969791
That makes so much more sense, thanks anon
>>
In terms of workload, i would say the most important thing is to have a different password per website or at very least not use your email password on anything else, because companies are retarded and one WILL leak your password in plain text, and the first thing the hackers will do is try it on your email.
>>
>>65968620
Q U I C K
U
I
C
K
>>
>>65968529
Only 10 seconds for Ryzen 7. Try harder. :^)
>>
>>65969450
Not anymore
>>
>>65968481
I just use a password manager cause I don't want to memorize 50 fucking passwords. If I need to actually be able to remember it like for logging in my computer I just do the dice shit and memorize it.
>>
I just use something like oniichangentoonigger. No way you can dictionary attack that.
>>
>>65970048
technically speaking, everything is attackable.
Mixing languages is a nice idea used in the real world, because the complexity for a dictionary attack grows so much that SOMETIMES is more viable to do a brute force attack instead of a double dictionary attack, that is making 1 big dictionary from joining other 2.
but try to use not so frequent words from the 2 languages
>>
>>65968643
>le fuck
>>
>>65968590
>if you're trying to remember a password
>you're doing it wrong

So how do you access the password manager?
>>
>>65968481
It isn't. It's just easier to remember for non-aspies.
>>
>>65968583
More characters = more entropy = harder to brute force.

1 word = 1 Dictionary Character = less characters = less entropy
>>
>>65968481
>How does /g/ come up with their passwords?
I use `pass` for Linux and Android.
I only need to remember 1 password and have access to my PGP Key.
Database (folder with text files) is synced through gitlab.
>>
File: fuckingspam.png (25 KB, 694x456)
>>65968481

fucking spam filter
>>
>>65968631
hahaha, me too! It works well and prevents bruteforcing just by length and how uncommon such a rule would be in a password cracker.

I also append a short suffix and a substitution like: abacu5ABACU%_phoenix

which I think is generally strong enough to be considered highly secure
>>
I use 123qwe for everything, never been compromised.
>>
>>65968481
all my passwords are my little pony references
>>
>>65971638
I used to use 13245768 which is a quick and ez dance on the keyboard. Haven't seen it in any password lists yet, feel free to add it bois
>>
>>65970578
biosecurity

i have a USB3.0 cum analyzer
>>
>>65971646
I had 12345678 for my hotmail account for about 10 years and had no trouble. But I came to my senses and changed it about 8 or 9 years ago.

Personally I have a unique passwords for my email accounts, and then about two or three "stock" passwords I use everywhere else. Those are changed up from time to time, usually when a major breach has happened at places like twitter, linkedin etc.

>>65968481
It's not more secure, but a LOT fucking more secure than "1password", and easier to remember.
but doing something like
 horse battery 8 d1ldo stallman smartphone jazz basedbean 

Is still easy to remember "urh, how many dildos can I fit in my boypusi? Oh yeah! 8!", but makes it incredibly more secure.
>>
>>65968481
my friend had password which was

traktor ore pole za domom suka farmar v stodole

which literally means "tractor is plowing field and behind house is farmer fucking in stable"

fuck your generated passwords
>>
>>65968481
It's easier to remember and will take more time to crack assuming the person attacking the password doesn't know the dictionary you used to make your password and that it is a combination of space separated words.
>>
>>65971704
diceware security already assumes the person knows you used diceware.
>>
>>65971722
That just means it'll take even longer to crack my passwords.
>>
>>65971682
>"urh, how many dildos can I fit in my boypusi? Oh yeah! 8!"

exactly that as a password would be even better, larger character set, and a longer password. plus it is more memorable
>>
Why do you people always magically assume that they'll know whether or not you used all lowercase or not?

Do you think they use an all-lowercase brute force attempt on every password before breaking out the big guns that uses the full character set?

Realistically, an all-lowercase password is going to get checked against a full character set, not only lowercase letters.
>>
>>65971892
it's not random
>>
>>65968481
Use different language, so that dictionary attack is useless
>>
>>65968803
Not him but I carry the database in an old 8MB USB that I use for nothing else
>>
>>65969791
You should see my server logs.
I autoban when someone enters the wrong username. And only 5 password attempts per 30 minutes are allowed, or you get banned for 12 hours.

And yet my logs are still filled with brute force attempts (and matching bans).
>>
>>65972191
I hand out thousands of ip bans to bots per month. Especially admin and root are popular usernames to get banned for.
>>
Different diceware passwords for computer login (personal and work), keepass database, random 16-digit number for phone PIN (I would use 20 but 16 seems to be the limit), 20+ random characters for everything else (numbers, uppercase, lowercase, punctuation), and I change all passwords every 3 months.
>>
Numbers, symbols, and some nonsense words randomly jumbled together. Don't see why it wouldn't work.
>>
>>65969566
>online passwords don't need to be super secure
That's where you're fucking wrong, kiddo.

Unless you enforce a get leaked=tell users ASAP rule, your password might be getting cracked.

I agree with the master password, that needs to be secure. Mine is a childhood character with l33tspeek and two dictionary words. The name is fucking golden tho, breddy obsgure.
>>
>>65968529
I don't even know which of these two is bigger.
>>
>>65969566
my master pw is 60 chars, it's easy when you've only gotta remember one
>>
>>65968481
Obligatory xkcd comic inbound
https://xkcd.com/936/
>>
>>65972631
Oh and my password is cakeSarEtoOsweeT!!1991hotmail
or
cakeSarEtoOsweeT!!1991gmail
and so on and so forth
>>
>>65972631
Obligatory fallacious comic posted.
>>
>>65971618
You can't seriously think a dictionary attack would pick up "stallman" or "basedbean"
>>
>>65968583
>>65968559
Can you guys define the word entropy for me in this context?
>>
>>65969960
Have fun spending millennia making a dictionary of the hundreds of thousands of names and then bruteforcing it for nonillion years.
>>
>>65973388
First a description:
Entropy in information theory measures the amount of information that is contained within a message. The higher the entropy, the less predictable are a message's contents. So if my message is just a single numeric digit, you have a 10% chance of guessing my message correctly. If my message is 1024 characters long, it's significantly harder to predict. Similarly, if my alphabet contains more characters (adding alphanumeric characters, special symbols etc), predicting a specific character within that message gets harder. However, if the characters aren't equally distributed -- e.g. in regular text --, entropy is lower. The chance that a given character is a space character is significantly higher if I'm transmitting a letter, compared to a sequence of random characters of the same length.
I forgot the formal definition; it's somewhere in one of my uni binders. Look it up on Wikipedia, maybe.
>>
>>65971658
innovative
>>
>>65973482
So how is this definition of entropy different from the definition that exists in regards to thermodynamics where energy and matter cohesion is broken down over time?

How can the same word mean two things?
Ie: password length and breakdown of matter and energy
What's the common denominator here?
>>
Why not use 漢字 passwords?
>>
Your password can be fucking qwer1234, nobody will ever randomly guess it in your lifetime anyway

Either a server gets hacked or you leak it yourself. At which point it doesn't matter if it's @fA45Rc#H or iori_sucks
>>
>>65972191
>>I autoban when someone enters the wrong username.
Fuck you
>>
>>65973629
t. person who can't spell his name
>>
>>65973657
I have no time to spellcheck my name, that's what error messages are for
>>
>horse battery dildo stallman smartphone jazz basedbean

yep, this one's going into my bruteforce dictionary
>>
>>65968618
go ask in /pol/
>>
>>65973613
>Either a server gets hacked or you leak it yourself.

that's why you should never repeat passwords
>>
>>65968643
>>65968643
whoa fucking faggot much?
>>
>>65968481
im a little autistic and can quote movies i saw once 20 years ago
so i just do something like that and commit it to memory, and mix it up with numbers and special characters. my passwords are all 10-25 characters long and references to things so obscure that no one could guess them.
>>
>>65973739
I do the same. Only with video game stuff.
>>
>>65973539
>How can the same word mean two things?
Do you also get confused when someone refers to word length, because it doesn't mean the exact same thing as length, as in something that can be measured in centimetres?

Entropy in thermodynamics is pretty similar, actually: The higher the entropy, the less predictable is the position of a given particle (or the presence of a particle within a given volume).
>>
>>65973539
In both contexts entropy is a measurement of the complexity of the state
>>
>>65973677
Now i have to change my passwords
>>
>>65973869
This is a really shitty and condescending way to answer a question

>>65973905
This makes sense, thank you
>>
File: pa.png (17 KB, 977x314)
>>65968529
put a lot of 1

yeah sure, nice site
>>
>>65968529
None of them are gorillion
>>
I make my passwords off volcano names :^)
>>
>>65973218
stall bean man based
all dictionary words
>>
>>65968618
kek funniest insult ive heard in some time
>>
>>65968481
i usually just combine two or three random words that don't fit together at all, like

orangeikeaqueen
lamenorseremote
catshitsouffle
>>
>>65968481
>2018
>Still using passwords
>>
>>65968529
None of them are secure because you posted it online, there is a massive database of compromised passwords that are constantly updated.
>>
>>65969768
shit, right, i was rounding up magnitudes for each word in my mind to make the comparison, make it six-word then ^24

my point is that even if you use the asci85 printable chars that for that extra entropy 2 * 10^23, its still "orders of magnitude harder" then it is to memorize a sequence or words that have the same magnitude of possibilities, and only considering words that you are familiar with, disregarding obscure and ancient shit which would count in your brain-password-manager as a sequence of a-z chars instead of a dictionary word
>>
>>65969791
>Dictionary attacks happen after the password hashes are stolen
yeah but rainbow tables wont help you there either, assuming its not a dumbfuck running the website who didnt even use at least a site-wide salt
>>
>>65968481
My fuckin sides! What the fuck I watching?
>>
>>65971658
>>65973510
kek
>>
File: 1514940786825.jpg (51 KB, 239x340)
>>65973425
I will faggot. Say goodbye to your neopets account
>>
>>65972191
>autoban on wrong username
>5 password attempts (well beyond the standard 2 or 3)

yeah but why
>>
>>65972478
>childhood character
lexic dictionary
>l33tspeek
1bit of extra entropy
>two dictionary words
are you fucking kidding me? too little for master

>get leaked=tell users ASAP rule
meaningless, a leak can be undetected for too long and then sold/released a few years/months after rainbow tables have been generated for that site's salt.

a saner strategy would be for YOU to change your passes regularly, nobody is gonna rainbow 18 ascii or 7word in a few months, but you still memorize 7 words for some convenience

but anyway, your main concern should be with your weak master, or have it in a pocket computer with no wireless chips
>>
File: 13066237318.png (11 KB, 550x375)
>>65973942
In a standard character set you have 26 lowercase letters, 26 uppercase, 10 digits, and at least a couple special characters. That's, at minimum 65 possibilities per character.

Brute forcing a password, by definition, means you don't know anything about the password other than (maybe) length. That means they have to guess and check every possible combination that's exactly 32 characters long, as your password is there.

That's 65^32 possibilities. That's 1x10^58 possibilities, and it has to check ALL of them to guarantee that it actually hits your 32 1s in a row.
>>
I just pad a simple password with some character like 11111111nigger11111111
>>
>>65968481
; 64^31
98079714615416886934934209737619787751599303819750539264
; 100000^7
100000000000000000000000000000000000
; 200000^7
12800000000000000000000000000000000000
; 300000^7
218700000000000000000000000000000000000

It's not, but you're more likely to remember it, which means no need for password managers
>>
>>65968618
Yeah, I used Craigslist for my uncles funeral.
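
Added example, not part of any post in the thread: the search-space arithmetic argued over above (27^54 vs 95^30 vs 171476^7), scored under whichever model is cheaper for the guesser, plus a Diceware-style generator that draws words with a CSPRNG. The function names and the `KNOWN` word set are illustrative assumptions; the 27/95 character counts and the 171476-word figure are the thread's, and 7776 is the size of a five-dice Diceware list.

```python
import math
import secrets
import string

ASCII_KNOWN = string.ascii_letters + string.digits + string.punctuation + " "

def charset_bits(length, alphabet):
    """Search space, in bits, of `length` symbols drawn uniformly from `alphabet` symbols."""
    return 0.0 if length == 0 else length * math.log2(alphabet)

def wordlist_bits(n_words, list_size):
    """Search space, in bits, of `n_words` drawn uniformly from a list of `list_size` words."""
    return n_words * math.log2(list_size)

def alphabet_size(password):
    """Character pool a blind brute-forcer must cover, counted the way the thread counts it."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += 33          # 32 punctuation marks plus the space
    elif " " in password:
        size += 1
    # Anything else (e.g. kanji): count only the distinct symbols seen, a lower bound.
    return size + len({c for c in password if c not in ASCII_KNOWN})

def estimate_bits(password, known_words, list_size):
    """Return (model, bits) for the cheapest attack: the guesser picks the smaller space."""
    models = {"charset": charset_bits(len(password), alphabet_size(password))}
    tokens = password.split(" ")
    if all(t in known_words for t in tokens):
        models["wordlist"] = wordlist_bits(len(tokens), list_size)
    best = min(models, key=models.get)
    return best, models[best]

def words_needed(target_bits, list_size):
    """Words to draw from a list so the word-list space reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(wordlist, n_words):
    """Diceware-style draw: each word chosen independently with the OS CSPRNG."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

# TOP and BOTTOM are the two passwords from the opening post.
TOP = "horse battery dildo stallman smartphone jazz basedbean"
BOTTOM = "Q2O?`0|;az6<j>9A8BgNzdKg@exCu@"
# Constructed stand-in for "is this token in the attacker's list"; the assumed
# size of that full list is passed separately.
KNOWN = set(TOP.split(" ")) | {"correct", "staple", "gate", "lost"}
ENGLISH = 171476   # word count used in the thread
DICEWARE = 7776    # 6**5, size of a five-dice Diceware list

if __name__ == "__main__":
    for pw in (TOP, BOTTOM):
        model, bits = estimate_bits(pw, KNOWN, ENGLISH)
        print(f"{len(pw):2d} chars  cheapest model: {model:8s} {bits:6.1f} bits")
    target = charset_bits(30, 95)
    print("Diceware words to match 30 random characters:", words_needed(target, DICEWARE))
    print("sample from the toy list (too small for real use):",
          generate_passphrase(sorted(KNOWN), 5))
```

The word-list figure only holds when the words are drawn at random, which is what `generate_passphrase` does; a phrase a person made up has less entropy than the formula reports.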



