How much more secure would a password be if it was something like "MAKIISCUTE" but repeated 10-20 times?

On one hand it's a pretty easy rule to add to a hash cracking program, but on the other hand slowing down the cracking by 20x would not be worth it. Just repeat it an odd number like 31 times and you're ok

Although for maximum protection you should use moonrunes. Literally no cracking program checks for those. I'd go with kana to make it longer. まきはかわいい

>Although for maximum protection you should use moonrunes. Literally no cracking program checks for those.
I find that hard to believe.

At least the last time I looked at these things, it seemed that way. If you have any examples to the contrary I'll be happy to learn something new. I'll admit I'm not that up to date on the topic

If you're doing bruteforce, adding more possible characters increases the amount of work by gigantic amounts. 8 English lowercase letters is 26^8=208827064576 combinations, 8 letters with English and hiragana letters is 72^8=7.2220414e+14, which is ~3458 times more.

this. however, maybe there are other considerations. what happens if you have to type the password near somebody else who is trying to peek it? the fact that you are repeating the same word again and again makes it easy to guess.
you could be better off with a shorter sequence of different words

Much, much more secure. No one will expect you to lie so obviously in your password.

Without even considering that hiragana is probably not even one of the most common scripts after English alphanumeric. Why include, for example, hiragana but not Cyrillic? And if you're doing a naive utf8 bruteforce you end up with 242 possible digits, so 8 letters become 242^8 = 1.1763131e+19

howsecureismypassword.net/

I just chose the most obvious smallest addition considering where the thread was going. 3.5k times longer with just hiragana is enough to illustrate that doing this is not feasible.

>It would take a computer about

>7,825,383,598,404,940,000,000 octogintillion years

>to crack your password

>Why not create even stronger passwords with Dashlane? It's free!

>Tweet Your Result

> Tip: Use a Password Manager to secure and easily remember your passwords

> “Dashlane is life changingly great. Get it.” - David Pogue (The New York Times)

> Get Dashlane - It's Free!

...

>Use weebrunes
>Your password may only contain A-Z.

Unfortunately too many websites impose artificial restrictions on the passwords.

>Your password looks like it might just be a word and a few digits. This is a very common pattern and would be cracked very quickly.
>11 TRILLION YEARS

Your phone looks comfy desu

It's strictly a website restriction, not a hashing problem, right?
>Your password can't be more than 16 characters long

>It's strictly a website restriction, not a hashing problem, right?
yes

hashing has nothing to do with this. any half serious hash function supports any bit pattern in a byte, why wouldn't it? you can, for example, hash a binary file to check for integrity. A binary file can obviously contain any byte.

Correct. The hashing algorithm just sees a sequence of bytes. The password length has its limits but it's in the order of terabytes.

>まきはかわいい
cringe

I just copied that from because I can't type weebrunes.

don't stop posting now, my penis is about to burst all over your intellect

Pretty secure

But even easier to remember would be something like "MAKIISCUTEANDSHESMY1WAIFU"

literally uncrackable or maybe "MakiIsCuteAndSheIsMy1Waifu"

i'm 12 btw

>I can't type weebrunes
Get out of Sup Forums.

MAK115CUTE

So... why does this restriction exist? Leftover from times of passwords being stored in plain text? People do not understand that you can type anything?

A little bit of both. Also incompetent developers doing it because "everyone else does it so they have to be right".

I think it might have to do with how moonrunes are coded - UTF-8 or UTF-16 or whatever encoding system nips used to have. Suddenly, a perfectly valid password becomes invalid when you access from another device with different encoding.

Doesn't matter, you can set the charset header on your website and you'll receive the data on the server side properly encoded.
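The encoding concern raised above, and the later point that a hash only sees bytes, as an added example (not code from any poster in this thread): the same visible password in a different encoding or Unicode form produces different bytes and therefore a different hash, and normalizing before hashing makes the forms agree. The salt, the sample strings and the choice of NFKC with PBKDF2 are assumptions made for the demo.

```python
import hashlib
import hmac
import unicodedata

# Constructed demo salt; a real system stores a random salt per user.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")

def derive(password, *, normalize, encoding="utf-8"):
    """Derive a password hash; optionally normalize the text first."""
    if normalize:
        # NFKC folds composed/decomposed forms into one canonical form.
        password = unicodedata.normalize("NFKC", password)
    return hashlib.pbkdf2_hmac("sha256", password.encode(encoding), SALT, 100_000)

def same_login(stored, typed, *, normalize):
    """True if 'typed' verifies against the hash of 'stored'."""
    return hmac.compare_digest(derive(stored, normalize=normalize),
                               derive(typed, normalize=normalize))

# Constructed samples: each pair renders identically on screen.
PAIRS = [
    ("ma\u00f1ana", "man\u0303ana"),  # precomposed n-tilde vs n + combining tilde
    ("\u304c", "\u304b\u3099"),       # precomposed kana GA vs KA + combining dakuten
]

def report():
    """Return (raw_match, normalized_match) for each sample pair."""
    return [(same_login(a, b, normalize=False),
             same_login(a, b, normalize=True)) for a, b in PAIRS]

def encoding_matters(password="まきはかわいい"):
    """The same text encoded as UTF-8 vs UTF-16 hashes differently."""
    return derive(password, normalize=True, encoding="utf-8") != \
           derive(password, normalize=True, encoding="utf-16-le")

if __name__ == "__main__":
    print(report())            # raw comparison fails, normalized succeeds
    print(encoding_matters())  # the server must pick one encoding and keep it
```
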

Has it always been like this, though? Today we have many standards compliant browsers, but not back in the day.

Document encoding exists as far back as RFC1945 from 1995 and the form-specific encoding on top of document encoding as far back as RFC2616 from 1999. So it's been standardized for a while, whether browsers followed it back then, I don't know.

Well, if you're a jap I doubt you got problems with typing your runes anywhere in your country, on any device. The plausible reasons people are not aware are:
1) You can only use a-zA-Z on lots of websites
2) Even if you can use anything, it's never pointed out, so people use a-zA-Z because that's how other sites work.

not M4k115Cu73

M4k145h17

It will slow down a cracking program by a factor of 10-20, assuming that the only rule added by the cracker is to repeat each password by 2,3,4,...,20 times and not search for other iterations that are 2,3,4...,20 words long. So it's not that secure like adding a random string of words like "thispankakeismineandtherearenotherpankakeforme"; it's more secure than "thispankakeismine" repeated 20 times.

However "thispankakeismineandtherearenotherpankakeforme" is still following structural grammar so it should be something more random like "thispankakecantflyjapanfor2hoursandspacenigger" what is interesting about this one is that you could draw a silly picture about it and remember it every time you look at it but it follows no sense or grammar.
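An added example (not from any poster in this thread) of the point above for the OP's password: a naive charset^length estimate, the kind a strength meter produces, set beside an estimate that assumes the attacker has the repeat-up-to-20 rule described in the post. The function names, the ASCII-only assumption and the character-class sizes are assumptions of this sketch.

```python
import math

def smallest_repeating_unit(pw):
    """Return (unit, count) with pw == unit * count and unit as short as possible."""
    n = len(pw)
    for size in range(1, n + 1):
        if n % size == 0 and pw[:size] * (n // size) == pw:
            return pw[:size], n // size
    return pw, 1

def charset_size(pw):
    """Size of the smallest standard ASCII character classes covering pw."""
    if not pw or not pw.isascii():
        raise ValueError("this sketch only handles non-empty ASCII passwords")
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # printable ASCII symbols including space
    return size

def naive_bits(pw):
    """log2 of charset^length: what a pattern-blind brute force would face."""
    return len(pw) * math.log2(charset_size(pw))

def pattern_bits(pw, max_repeats=20):
    """log2 of the work when each candidate is also tried repeated 1..max_repeats times."""
    unit, count = smallest_repeating_unit(pw)
    if count == 1:
        return naive_bits(pw)
    # Cost = cost of finding the unit, multiplied by the number of repeat counts tried.
    # The unit is still scored naively; a dictionary word would score far lower.
    return naive_bits(unit) + math.log2(max(max_repeats, count))

if __name__ == "__main__":
    pw = "MAKIISCUTE" * 20
    print(smallest_repeating_unit(pw))
    print(round(naive_bits(pw), 1), round(pattern_bits(pw), 1))
```
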

>type in "faggot"
>your password would be cracked INSTANTLY
>your password is In the top 4765 most used passwords
>faggot is in the top 4765 most used passwords

what.

How the fuck does it know tha-
Oh.
...Oooh.

>mfw retards type their actual passwords in there and it stores it in plaintext

>having no face at all

Acid attack due to insulting pmumbah mohammand.

>your password would be cracked INSTANTLY

it should return that for everything

>hiragana
>cyrillic
just use this
unicode-table.com

what keyboard?

>53 decilion years
>short scale

'howsecureismypassword?' yields 84 quintillion years.

just add ñÑáéíóú it's easier

Are uppercase letters and non-letter/ number characters really kryptonite to bruteforce?

have you even looked at the code? you do know that there are dozens of public password dumps and hundreds of public password hash dumps? there are also multiple already prepared csvs with password,frequency pairs based on the biggest dumps.

If just the first letter is uppercase, it's likely to get cracked if the lowercase password would get cracked as well. Same thing with having a single digit at the end of the password. Harder (but still not impossible) if you use random numbers that you don't substitute for letters in common words. Basically impossible to crack if your password is pretty long and is completely random.

Keep in mind that most crackers just do lowercase until a certain length, alphanumeric until another length, and then dictionary based attacks.

by -90% now, since you shared the pattern with us.

but in all seriousness most people have "dictionary" passwords. so I think several bi/trillion would be enough if you would group words into fuckhuge markov chain

>まきはかわいい
>はか
>はか
>はか

z.update('まきはかわいい'.encode())

what about it?

SwiftKey

>you do know that there are dozens of public password dumps and hundreds of public password hash dumps? there are also multiple already prepared csvs with password,frequency pairs based on the biggest dumps
And yet none of them have my password because I'm not retarded enough to just give it out.

>I'm not retarded enough to just give it out.
>my password

there is so much retarded going on in a single sentence. first of all, you *are* giving out your password every time you use it. that's how a password works.

>password
>singular

I hope a single shitty site you use gets hacked and someone gets into your paypal, kek

>bruteforcing
>2017
>not rainbowing
>not dictionary-attacking
>not just stealing the salt
>not just exploiting backdoors

Truly, poo in the loo levels of autism.

>he isn't using LastPass with a Yubikey and 2FA enabled on all personal devices

>How 2 get good passcode?

A long phrase you can remember. Ex. "My dear aunt sally fucked the gardener because she is a whore and my uncle has a cuckold fetish"

Replace the spaces with symbols in an order you can remember. Ex. "my!dear@aunt#sally$fucked%the^gardener&because*she(is)a_whore+and_my)uncle(has*a&cuckold^fetish"

In this example I started from "~" and went right towards "=", uppercasing each and going back when I reached one side.

The website returned "1,298,082,903,244 quadragintillion years" as how long it would take to crack.

But it's only one part of the equation, it's also good to make sure to keep all of your software updated and to only use trusted apps.

>forever
no such thing

One char under "forever" is "8,872,633,677,238,465 nonagintillion years."

as a math student i can not accept this

Only applied maths students will understand.

>lastpass
how many critical bugs have they found since I last looked? don't you think the one that renders 2FA completely useless (by providing a simple way to completely bypass it having access to the password) was pretty cool? was it found last week? :)

I'm curious about pic related. It would be easy prey for crackers that use dictionaries, right?

math student with a degree, boy