Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Add three words that are weird enough (at least one of them not in like.. top 100.000 used words)
Or mix another language, a name, a title, - swap a letter or add one (or a number) and you're safe. -
w4tsn35017y@RedBorg well, but the point here is that this particular password is not secure at all.
-
For a developer it's pretty easy to create a correcthorsebatterystaple.
iloveindentingmyphpcodewiththreespaces
mysqlisthebestquerylanguageeverinvented
imakeallmywebsitesusingadobeflashplayer -
w4tsn35017y@bittersweet @ArcaneEye a main problem is that since the password is not composed of random words the entropy of all words after the first one is near 0 which leads to affectivly only the first one 'hard' to guess. Intuitively that makes sense since every succeeding word is not only part of a dictionary but also entangled with grammar/logic information which is really helpful in computing the password.
Mathematically the entropy would be for the first word out of a dict of 1024 words 10 bit and for all succeeding words nearly 0. An entropy of 10 is not secure. 5 random words out of 2048 words on the other hand would have 5 times 11 bit entropy, so 55 in total which is quite reasonable. Important is randomization. The same would be achieved with a dict of 100 characters selecting randomly 8. This leads to nearly the same entropy.
The first example is pretty long and rememberable, the latter is the opposite and todays taught standard. -
@justwellbrock I get that entropy decreases when you use words which are commonly grouped together.
I do think the best approach is using a password manager to generate very long and totally random strings.
In some cases, I prefer a human rememberable password though... and I think the decrease in entropy can be mitigated a bit by adding "weirdness" and naturally occurring symbols/numbers.
A sentence like "the $1 purple cakerol tastes like farting sloths" can not easily be brute forced per-character, and is fairly hard to brute force using a dictionary or by training a predictive algorithm, as the words aren't used in "normal" sentences.
Related Rants
What. The. Actual. Fuck.
My co-workers just tried to convince me that the following is a secure password:
"ThisIsASecurePassword2018"
Just... I mean... Why? *sigh*
Their argumentation is based on the new NIST guidelines.
If they've read these guidelines CAREFULLY though... (not only the appendix) it actually states "Don't use words from the dictionary". Passwords like these should even be rejected right away.
undefined
password guidelines
security
nist
wait what?