Search found 5 matches

by rewolff
Thu Aug 11, 2011 8:05 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 321486

Re: 0936: "Password Strength"

Can anybody see any drawbacks in using the same 'base' password and just adding an account- or site-specific string to the end? For example: Account: Facebook Password: hunter2facebook Account: Gmail Password: hunter2gmail Yes... Suppose through a snafu at Facebook a hacker has captured your passwo...

by rewolff
Thu Aug 11, 2011 7:57 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 321486

Re: 0936: "Password Strength"

Even if you know my methodology for generating these passwords, they remain strong if the passages are chosen arbitrarily. Now that's where you're wrong. The strings look random and hard-to-remember, but once you know the methodology, they are "easy". Let us consider "take a passage ...

by rewolff
Wed Aug 10, 2011 8:59 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 321486

Re: 0936: "Password Strength"

Re: lockout: In practice if you want to hack say the vice president of some company, you can figure out his name and his account name on several sites by just using web searches. You can then distribute the password attempts over those sites. And you need only one of those who doesn't have the locko...

by rewolff
Wed Aug 10, 2011 8:24 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 321486

Re: 0936: "Password Strength"

What everybody who is calculating "password strength" is forgetting is that you should rank your searching order by entropy. So while "lowercase e" is 1/26th of the lowercase letters (entropy = 4.7), it occurs some 12% in normal texts (entropy = 3.1). So instead of trying "e...

by rewolff
Wed Aug 10, 2011 7:38 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 321486

Re: 0936: "Password Strength"

I have always used my last name as the account name. So at one point in time I searched for a password that hashed to my first name. Since then I've been using passwords that can be considered "randomly" chosen from 8 lowercase letters". At over 37 bits of entropy these perform better...