468
strong password rule (sopuli.xyz)
submitted 6 days ago by sunnie@sopuli.xyz to c/196@lemmy.blahaj.zone
22 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] Viking_Hippie@lemmy.world 4 points 5 days ago* (last edited 5 days ago)

Until you get hit with a dictionary attack.

As I explained to the other one, no dictionary attack will happen upon that exact combination of words any faster than the keyboard mashing preceding it.

Using a COMMON word or a COMMON phrase would leave you vulnerable, sure, but no prediction process is going to happen on the exact combination.

Hell, add a word or two to "SaltyIceteaMaker" and it would make an extremely secure pass phrase. For something without that string in the user id, of course ๐Ÿ˜

[-] SaltyIceteaMaker@lemmy.ml 1 points 5 days ago

It's still less combinations than just scramble tho. It may be enough idk, but an algorithm that just combines words would definitely at some point arrive at like "SaltyIceteaMakerBlueAcorn" it's only once you add random letters/numbers/special characters that a dictionary attack stops working.

Although this probably doesn't matter as it would likely still take like a century or ten to complete

[-] Viking_Hippie@lemmy.world 0 points 5 days ago

It's still less combinations than just scramble tho

Not in any meaningful way, no. There's what, hundreds of thousands of words in the English language? With no apparent pattern, that's a near-infinite number of possible combinations of 5 or 6 word phrases.

Add that most password crackers would use another kind of attack that presupposes that there's numbers and special characters and you really have redundancy on redundancy.

an algorithm that just combines words would definitely at some point arrive at like "SaltyIceteaMakerBlueAcorn"

Not within your lifespan or even that of humanity.

it's only once you add random letters/numbers/special characters that a dictionary attack stops working.

That's just not true if you don't consider "might theoretically get there in a million years" as "working".

Although this probably doesn't matter as it would likely still take like a century or ten to complete

Exactly. So your entire point is moot. A password or passphrase doesn't need to hold for longer than the existence of the account (or whatever's being protected by it), the user, or the species of the user.

[-] SaltyIceteaMaker@lemmy.ml 2 points 5 days ago

Chill bro it was just me rambling about and even arguing against myself. Didn't have to make a whole callout post lol

[-] Viking_Hippie@lemmy.world 2 points 5 days ago

I was just answering your arguments and didn't want to let all of that mental work go to waste when I saw the reveal at the very bottom ๐Ÿ˜„

load more comments (1 replies)
load more comments (1 replies)
load more comments (5 replies)
this post was submitted on 15 Sep 2024
468 points (99.4% liked)

196

16245 readers
2331 users here now

Be sure to follow the rule before you head out.

Rule: You must post before you leave.

^other^ ^rules^

founded 1 year ago
MODERATORS
moss@lemmy.blahaj.zone
greembow@lemmy.blahaj.zone
moss@lemmy.world
queue@beehaw.org
funky_rodent@lemmy.blahaj.zone
PeachyMcPeachface@lemmy.blahaj.zone
threegnomes@lemmy.blahaj.zone
greembow@lemmy.world
remotelove@lemmy.ca
Roflmasterbigpimp@feddit.de
qaz@lemmy.world
A_Very_Big_Fan@lemm.ee
qaz@lemmy.blahaj.zone
qaz@lemmy.ca
A_Very_Big_Fan@lemmy.world
qaz@lemmy.dbzer0.com
Qaz@lemmy.ml
qaz@sh.itjust.works
qaz@lemmy.sdf.org