Select the best password:

???

The fuck am I looking at

3rd obviously

>4 dictionary words

zipped size

entropy and shit, senpai

they all look pretty strong

but

if they have been reused you're fucked, if that combination exists in pop culture for some reason you're fucked

sage
/thread

>measuring entropy by zipping
Wew.

OP you're a fucking dumb idiot if you think it's 3

Random, unrelated words. It's not dictionary.
Also the attacker wouldn't know you're using 4 words instead a random string. Also you may add a separator (. / * ~) between the words.

I don't have a picture of a facepalm handy but imagine if you will next to my post a picture of picard recursively facepalming straight into oblivion of facepalming

not the 1st - words followed by numbers followed by special symbols is very common pattern
2nd is better
3rd - this is probably not xkcd-style because the 'nasty' and 'village' words are not randomly picked. Anyway I would pick 4 random words over 2 words filled with common patterns.

>Random, unrelated words. It's not dictionary.
Dictionaries are random unrelated words mate.

Prove me wrong.

Prove yourself right, fucker.

existence of dictionary attacks prove that passwords have lower entropy than charset^len

None of them. Why would I use a password that was posted on Sup Forums?
Also, the 3rd password there isn't even that good. You need to pick very uncommon or even made-up words for those sorts of passwords.
That could reasonably be dictionary attacked.

You don't understand how dictionary works. It doesn't make sense in this case, even if you know the victim is only using words. Unpredictable order, unpredictable separator.

Dictionary attacks are not used to bruteforce a SENTENCE, it uses usual words and names.

Yeah yeah, technically it's called something different to bruteforce a passphrase with a bunch of words from a dictionary. Same shit still, it's like having a 4 digit password, shit sucks.

Could you elaborate?

> it's like having a 4 digit password
But when your alphabet consists of 10K characters.
BTW I wonder how will one bruteforce Japanese/Chinese passwords.

>same as a 4 digit password
Where your abc is way longer than 26

Probably, on what?
>But when your alphabet consists of 10K characters.
Sure, that's implied.

>BTW I wonder how will one bruteforce Japanese/Chinese passwords.
Don't even know how passwords for those really work.
I said digit by the way, not character. So the correct response would be "way longer than 10".

>using unicode characters in pass
Nice meme my friend

>digits can be only base10
But that's wrong, you fucking retard

> Nice meme
apple.stackexchange.com/questions/202143/i-included-emoji-in-my-password-and-now-i-cant-log-in-to-my-account-on-yosemite

It's not common to refer to a digit password, and mean something else than base 10. Besides, you'd still be wrong because base 26 isn't something that's used.

While your point is valid, it's linear function for alphabet and power function for length, so on bigger values even one more symbol equals drastic increase of dictionary to achieve same entropy.

I don't think you understand Russell's Teapot do you?

3rd.

More entropy bits since it's the longest. And no, dictionary attacks aren't that sophisticated. Even if they are, it'll still take decades to crack.

>He still believes passwords will save him

the longest one

wrong

right

come on man its Sup Forums

enough of use correcthorsebatterystaple as our su login it aint funny

In principle I agree with the 3rd one, but that is a poor choice of words. They're too commonplace.

Something like "cerebusxanthiancryologytinfoil" would be much better.

The entropy of the second one is better though.

No password

Last one

Option D: Lockout after 5 bad attempts

Nobody bruteforces from a login page, it's done with the just the database. So that's not an option.

Third one. I, too, read xkcd.

Second one literally has more bits of entropy than the third one though.

>nasty7123_#village+

this one

Remember911

>right

wrong, you're a retard

word passed passwords are really shit

You're a nasty basement dweller trying to sidetrack the masses of Sup Forums with vague wording

The best password is one you don't share. Your passwords, by definition, are all wrong.

Even if they're all wrong, some are better.

>wrong
you're wrong

Second one: 50^19 big number
Third one: 2000^4 small like ops benis

>I just read that one xkcd comic: the thread

Option E: Self-deleting database

depends on what method the evil person uses to try and crack it

>Dictionary attacks are not used to bruteforce a SENTENCE

but they are

and by using it you are reducing your search space significantly and if you only use words then you will get owned orders of magnitude faster

all of them are shit especially if youre using smth worse than bcrypt with cost 7. and no, third one is not better, the entropy means nothing if i can crack it using english dictrionary set at 4+ words to start.

>BTW I wonder how will one bruteforce Japanese/Chinese passwords.
chinks generally use numbers only

they'll only resort to letters when forced to (and then it's simple english words they know or chinkshit in pinyin because their input methods don't work in password fields)

Couldn't you break the 3rd one in like 4 seconds with a diactionary attack.

StupidNastyVillageDance

All of these passwords are now public and thus insecure.

No.

>not CorrectHorseBatteryStaple

Number 2.

When I used to crack passwords for reasons I can not say, I never did brute forcing, it's a fucking waste of time.
I had a wordlist, and I would use masks.
One of which, I would run the wordlist twice or more to combine words.

So if it took me 2 seconds for the wordlist, it would take, what, 4 minutes for the last one?
If you wanted it to be secure, do the four words, and add padding in the middle of a word.
>muh length

tbqh the mac password generator is top-notch.

typecasts1]cannibalization
cloners144(overcompensatory
steamy2538\monochromaticity

The first two pass a dictionary attack. The third one doesn't.

So stop pretending to know shit about security.

More like 2 minutes.

>steamy2538
And they say mac isn't for homosexuals.

>dictionary attack magically knows all words start with uppercase

Not magically no, just through software. Not that difficult to try words with and without capitalization, it would just take twice as long.

None of them, because you've already posted them on the internet and they're now in some guy's wordlist.

You don't know much of this do you

Objectively any option besides the third one.

I've brute forced numerous passwords similar to the third one. With a good wordlist, it would take under 5 hours.

>inb4 silly physics man meme comic
Yeah nah, you shouldn't base your security decisions on web comics, but rather on the advice of experienced security analysts like myself.

does uppercase matters? and text with numbers?

I use two types of password:
*name(example) - RebeccaKrelm7
*chip code - EM638325TS

Are they too easy to crack?

Uppercase doubles the amount of tries it needs to do.

Just use 8 asterisks.
If somebody cracks your password, they won't even realize it.

StupidNastyVillageDance because it is the longest

>StupidNastyVillageDance

length is the most important factor

kek

>password breakers
>evil
The'yre not always evil

>giving credit for photo memes

ez pass
veo-4%aAjwHsfam73;#+b

If the case of each letter is chosen randomly, you improve password security; for example, a 10-character password would go from e14 to e17 possibilities. If you use a predictable pattern (e.g. all uppercase, start of each word uppercase) there's no significant difference.

All are terrible passwords.

If you really want a good password then simply choose a word with at least 8 characters and insert symbols between words.

h*o*l*o*c*a*u*s*t* (18 char)
r/a/i/n/b/o/w/s/ (16 char)
c#u#c#k#o#l#d#r#y# (18 char)

Now you suddenly have a strong password very resistant to brute-force and dictionary attacks that are easy to remember.

>1 language password
StüpîdÑãßtyخرا

>they all contain words
they're all shit

So you're telling me

842%a&_#f)w0~33g:8c@6!1

is weaker than

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

And now the "put the same character between each character" is another thing they try for. Good job dipshit.

This is good but even better is if you just make a few characters of mumbo jumbo and then repeat the same word a lot of times, example:

#_$,,applesapplesapplesapplesapplesapplesapplesapplesapplesapples

This is highly uncrackable. and it's easy to remember. Crap + 10x apples

Friendly reminder that self-generated passwords are inherently insecure. Even if you avoid obvious patterns like words, your attempt to randomly mash the keyboard will be nowhere near true randomness. Either use a password generator, or give up and go for password1.

Do password breakers use only english when breaking passwords?

corr3ct h0rs3 b4ttery_st@pLe

Yeah that reduces efficiency of dictionary attack by a ton. There's like hundreds of symbols.

This is what dictionary attacks were designed to crack. Granted this will probably take the longest. I would still recommend just putting a symbol after each letter, much less typing.

List of symbols:

en.wikipedia.org/wiki/List_of_symbols

if you are attacking the password knowing nothing about it then yes.