Comment on Please create a non-secure password.
frezik@midwest.social 2 days ago
Yeah, that’s going to be a terrible system. The human brain isn’t capable of keeping track of enough entropy to create a secure password system.
More generally, it’s a big red flag when anybody thinks they can make a better system than publicly available and verified systems. You’re not capable of that, I’m not capable of that, Bruce Schneier is not capable of that. No matter how smart you are, you missed something. That’s why I didn’t need to know a single detail.
Buffalox@lemmy.world 2 days ago
What an idiotic argument. The level of entropy comes from the rules first and foremost; putting a 1 and an A together is the exact same entropy as using 2 and B.
You completely fail to understand the argument. I’m not arguing my passwords are stronger, I’m arguing they are SAFER! because they are not stored on 3 different systems, one of which could theoretically have a vulnerability.
frezik@midwest.social 2 days ago
Oh dear, no. You cannot match a cryptographic (P)RNG for generating passwords. Not even close.
Buffalox@lemmy.world 2 days ago
True, my argument is that in practice it doesn’t matter. How many passwords of REASONABLE strength are brute forced, as opposed to how many are lifted from services with lacking security?
frezik@midwest.social 2 days ago
Quite a few. Data dumps of passwords from sites can be from sites that used full hashing. If you used a fully random password of at least 20 characters, even unsalted MD5 storage would be unbreakable.