is this correct Sup Forums?
my password is 1two3four
I did not know that all of my passwords are like the first example so would you recommend that I change them?
That's the kind of thing an idiot would have on his luggage.
I can guarantee people changed their password to 'correct horse battery staple' because of this comic and it's on some skiddie rainbow table lists now.
...
No, there are dictionary attacks, and the first one is not that easy to crack
Yes, it's correct, here's why:
Let's say you know a password is 4 random English words all in lowercase separated by a space and you did brute-force guesses on it with an English dictionary of 100,000 words.
You run 100,000 times on the first word.
On the second word you run:
100,000 x 100,000 = 10,000,000,000
Third word you run:
10,000,000,000 x 100,000 = 1x10^15
Fourth word you run:
1x10^15 x 100,000 = 1x10^20
1x10^20 is 110,000,000,000,000,000,000 which would take thousands of years to guess doing 1000 guesses per second
Compare that to a password of only 11 digits that only increases randomness by increasing the size of the character set from 26 lower case letters by adding 26 upper case characters and 10 digits and 53 for the rest of the printable characters to a total of 115. So you have only increased the character set by 4 times, which means you are only running the brute force attack on 4 times as much, which means you only need to buy 4 more computers to run your brute force attack to equal the time it would take on just 26 lower case characters.
No, because hackers don't know what pattern your password has.
But it is true that longer passwords are generally more secure.
it doesn't really matter because nowadays your data is vastly more likely to get compromised on the backend of someone else's server than to be compromised through a brute-force password crack tool.
Hell, even social engineering is much more effective.
tfw you can't use any of your favourite Church of the SubGenius memes as passwords because the NSA niggas can't into Slackware so they just dictionary attack the whole book
>he doesn't use templeos to generate his passwords
fucking cia niggers
>tem play ohs
see the post right after you:
GIVEMESLACKORKILLME
Some websites will not allow any dictionary words in any portion of a password, some websites have ridiculously short max chars.
No.
Skiddie dictionary attacks also make use of permutations of letter-number substitutions, adding a 1 or ! to the beginning or end, etc.
The only safe password is a randomly generated string of at least 16 characters.
...
>mfw i've literally seen it on such a list
what is multiplication and why does it increase log e complexity
Actually, the last paragraph you wrote couldn't be more wrong.
The average English native speaker uses 20000 words. Let's be generous and assume 10000 words are the common ones. 10000^4 is 10^16 possibilities.
On the other hand, taking 11 random characters out of 100 possible characters gives 100^11 = 10^22 possibilities.
Of course, that's assuming the 11 characters are random.
Increasing the character set from n to 2n for an m-character password increases the time needed by a factor much higher than 2: (2n)^m = 2^m * n^m.
The problem is dictionary attacks, they completely negate whatever the fuck XKCD was going on about.
>not having passwords like IaIaShub-NiggurathTekili-li
not enough $p3ç1å| characters
Is that a real website?
Missing the point.
You want easily memorable/googlable words that aren't in dictionary. Fantasy character names/phrases/languages are great for this shit.
A password can only be dictionary-attacked if it is in human language, not in language of elves or treants.
Just throw in a number somewhere, completely negates the attack
>learning an entire fictional language just for password creation
truly the patrician way for making passwords
>learning
>not knowing some random words already
Oh /fit/, it would do you great to work out in the library sometime.
what's annoying about these password comics is the fact so many old websites/games/programs have something like an 8-11 character limit on your password.
it wasn't that people just wanted some cheap shitty 8 word password, it was the fact that that was the fucking limit. you couldn't even use spaces either, so so much for random sentences too
The first password isn't that easy to break. However, the sentiment of the comic is true (longer == always better, and easier to memorize is better than hard to memorize).
I use randomly generated shit from Keepass. I feel this is the easiest way to go. It's not good policy to use the same password everywhere, and I'd never be able to remember 20+ different pass phrases anyway; it's also a pain in the dick to come up with random strings of words all the time. Since that's the case, I might as well randomly generate them. If one gets compromised, I can just generate another one; my important shit is protected by two-factor authentication anyway.
In reality, you're more likely to have your password broken because the website/company didn't properly guard their data than you are to be brute forced or dictionary attacked.
Holy shit all this retardation
The comic takes dictionary attacks into account. It treats a "random common word" as 11 bits, in other words, you only need to choose it from a list of 2048 "common" words.
>A password can only be dictionary-attacked if it is in human language
A dictionary attack uses a list of educated guesses, not a literal dictionary, moron. There are dictionaries of keyboard patterns, for example if your password is "1qazxsw2" it's going to be vulnerable to such an attack.
There's a point to be made that an attacker won't necessarily know what generation scheme you've used, but that's a risky assumption. I will acknowledge that random fictional words/names are less likely to be tried, but if an attacker is targeting you, they'll likely do research and figure out that you're a fantasy nerd (unless you've properly exited all botnets, social networks, etc.), and could easily add that stuff to their dictionary for their attack.
And similar to the above point, dictionary attacks generally take permutations into account, adding variable amounts of numbers and trying for 1337speak substitutions etc.
TL;DR: use a fucking password manager to make 24-character randomised unique passwords for everything
>you're more likely to have your password broken because the website/company didn't properly guard their data than you are to be brute forced or dictionary attacked
But assuming they're using common-sense hashing, your password still won't be broken unless they do brute force it. That's the entire point of hashing.
That's assuming they even bother to hash. How many dipshit websites just store passwords in plaintext? I hear about that shit all the time.
Yes. The best way to create a very strong but easy to remember password is by using something called Diceware.
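A small calculator for the search-space numbers argued over in the posts above (4 words from a 100,000-word dictionary, xkcd's 2048-word list at 11 bits per word, 11 random characters from 26 or 115 symbols, the "n to 2n alphabet" point, and Diceware); this is an added example, not anyone's post in the thread. The 1000 guesses/second rate is the thread's own figure; the 1e10/second offline rate is an assumption, and the 7776-word Diceware list is the standard list size.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Candidate spaces discussed in the thread, as (pool size, number of picks).
# Every entry assumes each pick is uniformly random and independent, which is
# the only case where these numbers apply (no "favourite phrase" effects).
SCHEMES = {
    "4 words, 100,000-word dictionary": (100_000, 4),
    "4 words, 2048-word list (xkcd, 11 bits/word)": (2048, 4),
    "5 Diceware words, 7776-word list": (7776, 5),
    "11 random chars, 26 lowercase": (26, 11),
    "11 random chars, 115 printable": (115, 11),
    "24 random chars, 95 printable (password manager)": (95, 24),
}

# 1000/s is the rate quoted in the thread (roughly an online attack against a
# site with no lockout); 1e10/s is an ASSUMED stand-in for an offline attack on
# a stolen database of fast, unsalted hashes.
RATES = {"online, 1000/s": 1e3, "offline stolen DB, assumed 1e10/s": 1e10}


def entropy_bits(pool: int, picks: int) -> float:
    """Bits of entropy for `picks` uniform choices from `pool`: log2(pool ** picks)."""
    return picks * math.log2(pool)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case years to try every candidate at the given guessing rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


def charset_growth_factor(n: int, m: int) -> float:
    """Growth of the search space when an m-char password's alphabet goes from
    n to 2n symbols: (2n)**m / n**m == 2**m, not 2 (the point made upthread)."""
    return (2 * n) ** m / n ** m


def compare() -> dict:
    """Return {scheme name: (bits, {rate label: years to exhaust})}."""
    out = {}
    for name, (pool, picks) in SCHEMES.items():
        bits = entropy_bits(pool, picks)
        out[name] = (bits, {r: years_to_exhaust(bits, g) for r, g in RATES.items()})
    return out


if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        cols = "  ".join(f"{r}: {y:.3g} yr" for r, y in years.items())
        print(f"{name:50s} {bits:6.1f} bits  {cols}")
    print("26 -> 52 symbols at 11 chars grows the space by", charset_growth_factor(26, 11))
```

The offline column is the one that matters once a database has been stolen, which is why the same passphrase can look unbreakable at 1000/s and merely adequate at 1e10/s.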
if your password is getting dictionary attacked somebody has hacked the website's database and stolen every single account and is now going through all of them. even 17 years ago websites would lock accounts which had somebody doing 1000 login attempts. banks or any website that's not complete shit locks your fucking account after somebody tries to login like 3 times and you need an email to unlock it.
if they steal a database then let's say 70% of the passwords are easily understood cause there's some hashtable with them listed on them. 30% is still tens of thousands of users most likely. they aren't using a quantum computer so just throwing in random numbers/letters is still good enough so they won't ever break it
>implying passwords have to be on a website
Do you not encrypt your disks, crypto wallets, or master password databases? Or any other sensitive data for that matter?
obligatory
>somebody has stolen files off your computer
>they have access to your computer
so why don't they just keylog you and get your password that way tard? you're more likely to be fucked that way than them stealing the database off some random website jesus
>I type in my passwords using my HDD
Alternatively:
>I type in my passwords on my laptop even when it's in some thief's van 50 miles from my house
Of course if they're literally stalking my house without actually taking anything then passwords won't help. That's a whole other topic of OpSec if you're worried about that. But things like phones or laptops are easily stolen (although I will admit that having my desktop's disk stolen is a bit farfetched).
Additionally many people have a file server at home (I'm planning on setting one up but I'm lazy as fuck), or use a VPS as one. OSes and file server software can have a vulnerability found at any time, allowing malicious access to my files; my plain old AES-256 with a strong key is still unbroken as far as everyone knows, and for sensitive stuff (like for instance wallets, as I already mentioned) more security can't hurt.
a parody of this one I think
howsecureismypassword.net
>some dindu is going to be running a bruteforce on the laptop they stole
nice delusions you got there. if you're trying to say the cops/nsa snatched your shit then you're just switching the goalpost. the question was about skiddies running bruteforce not the nsa.
so if they're now downloading stuff off your machine using exploits why aren't they simply taking over the machine completely. you say there's magic exploits so why not assume they're on it right now but you don't know?
today passwords aren't being bruteforced, they're being stolen along with the database, and that's why you need to use password managers and separate passwords. all this shit about
>MUH PASSWORD WORD PHRASE
is so fucking stupid cause just 10 years ago you couldn't even use space in passwords and they had 11 character limits. it's so annoying that fucking retards think everybody picked h4x9r speak cause they're brainlets. it was cause that was the fucking character limit on shit websites
>It would take a computer about 105,567,231,319,798,860,000,000 QUADRAGINTILLION YEARS
to crack your password
Feels pretty good, except now howsecureismypassword.net has my password.
only if you try every character permutation. instead just try all english words. bam. entropy decimated.
the passwords are that way for other people not to remember quickly and steal your info.
it's actually a good idea to have machine breakable passwords in case your mom forgot.