Comment on Please create a non-secure password.
Buffalox@lemmy.world 2 days ago
The human brain isn’t capable of keeping track of enough entropy to create a secure password system.
What an idiotic argument, the level of entropy comes from the rules first and foremost, putting a 1 and an A together is the exact same entropy as using 2 and B.
More generally, it’s a big red flag when anybody thinks they can make a better system than publicly available and verified systems.
You completely fail to understand the argument. I’m not arguing my passwords are stronger, I’m arguing they are SAFER! because they are not stored on 3 different systems, one of which could theoretically have a vulnerability.
frezik@midwest.social 2 days ago
Oh dear, no. You cannot match a cryptographic (P)RNG for generating passwords. Not even close.
Buffalox@lemmy.world 2 days ago
True, my argument is that in practice it doesn’t matter. How many passwords of REASONABLE strength are brute forced? As opposed to how many are lifted from services with lacking security?
frezik@midwest.social 2 days ago
Quite a few. Data dumps of passwords from sites can be from sites that used full hashing. If you used a fully random password of at least 20 characters, even unsalted md5 storage would be unbreakable.
Buffalox@lemmy.world 2 days ago
That’s true. But how does a randomized password generated by a password manager work when the service is accessed from 3 platforms? Like for instance Windows, Linux and Android?
Seems to me that you need 3 different pieces of software, and just 1 getting compromised would compromise everything.