Huh

Huh

Attached: password_strength.png (740x601, 91K)

Shit thread

sudo apt install keepassx

Huh

Attached: image:28911.jpg (1312x1859, 265K)

*keepassxc

you'll have to add the PPA though :p

huh, that's why gfycat links have four word phrases instead of word spaghetti

npc

Why are we posting this ugly man?

The statement in the bottom left corner of the first panel is incorrect.

Also, in before another retard mentions dictionary attack

Good luck finding a system that accepts passwords that long. Protip: this is why password managers create gibberish passwords, instead of long ones.

You can use three first letters of each word instead of the whole word, without spaces, and without any decrease in difficulty to guess.

password managers create gibberish passwords because an algorithm creating non-gibberish passwords is unsafe.

>Protip: this is why password managers create gibberish passwords, instead of long ones.
>password managers create gibberish passwords because an algorithm creating non-gibberish passwords is unsafe.
you're both wrong, increasing the size of the character set used to create passwords does very little to create randomness compared to increasing the length

also using gibberish words instead of random dictionary words does very little to increase randomness because again increasing the size of the word set only increases randomness by a constant compared to increasing length increases randomness quadratically

to illustrate why that cartoon is correct:

Let's say you know a password is 4 random English words all in lowercase separated by a space and you did brute force guesses on it with an English dictionary of 100,000 words.

You run 100,000 times on the first word.
On the second word you run:
100,000 x 100,000 = 10,000,000,000
Third word you run:
10,000,000,000 x 100,000 = 1x10^15
Fourth word you run:
1x10^15 x 100,000 = 1x10^20

1x10^20 is 110,000,000,000,000,000,000 which would take 3,488,077,118 years to guess doing 1000 guesses per second

Compare that to a password of only 11 digits that only increases randomness by increasing the size of the character set from 26 lower case letters by adding 26 upper case characters and 10 digits and 53 of the rest of the printable characters to a total of 115. So you have only increased the character set by 4 times which means you are only running the brute force attack only 4 times as much which means you only need to buy 3 more computers to run your brute force attack to equal the time it would take on just the 26 lower case characters.

Pretty sure a dictionary attack could solve correcthorsebatterystaple in less than 3 days. And if a web service doesn't detect 1000 bad login attempts/sec for 3 days straight, it's probably not a service you should be trusting with important information in the first place?

>Let's say you know a password is 4 random English words all in lowercase separated by a space and you did brute force guesses on it with an English dictionary of 100,000 words

If the point is "easy to remember" passwords, then it'd be ~3000 English words in common use, not 100,000. That'd still be about 2500 years at 1000 guesses/second, but realistically nobody remotely brute forces passwords. They somehow get a copy of the database and attempt to brute force it locally at orders of magnitude faster speed on multiple machines simultaneously.

My password is a series of obscure words in foreign languages. Fight me.

Name 1 (One) website that allows you to make 1000 login attempts every second.
Protip: You can't.

Use 1000 VPN tunnels.

Wouldn't it be just a little bit suspicious that 1000 different IPs from different countries are all trying to access the same account at the same time for 3 days straight?

sudo uninstall ubuntu && install arch

Thank me later

Brute Force isn't used on live websites, it's used on database dumps.

but computers could guess the second one with a randomized dictionary file

Sure, but they would have to know that the password is in that format. Also if you just stick a symbol in the middle, that attack won't work anymore.

Considering there are 1000 words in your dictionary (which is not a lot, imagine using an uncommon word), it's a complexity of 2^40, which is the complexity they are giving at 1000 guesses/sec.

So yeah, a dictionary attack won't work. That's why so many people advocate passphrase instead of password.

I hate that comic, my bank doesn't let me use passwords that aren't like this
>Passwords must be at least 8 characters long, 1 uppercase and 1 special character

A better (and simpler) password is something like
123-Apple-$$$

Attached: beer.png (599x282, 48K)

Dictionary attacks aren't actual English dictionaries, they use a "dictionary" of commonly used passwords. Also, see:

And how many people will be using a dictionary attack instead of just assuming you use the same shitty 8 characters containing one or more digits and special characters that almost every system has required for decades?

Moreover it doesn't matter anyway because only retards brute-force passwords these days when chances are you can probably find some shitty exploit for the entire password database itself and get all the passwords in one fell swoop.

I've never understood this.
People have different tastes. He's welcome to not drink beer. Lots of people dislike the taste of beer, and will drink liquor to get smashed. The guy has a point that baldie doesn't have to drink it, but baldy is a salty little bitch.

I just started using [A!#$^&*]{11}adU[!#$^&*] as a pattern in KeePass, which generates a password that's 15 characters long with at least one upper, one lower, one digit, and one of the special characters, and 11 other random characters from that set, with the permutation option (so it generates the sequence, then scrambles it). I figure this provides an OK amount of security while still fulfilling most password scheme requirements. I might make a 20 character version for sites that accept that many.

And as I posted this I realized that the a and U should be l and u.

Take a randomly generated initial sequence of letters, then
mutate one random letter at a time until the correct sequence of letters is output.
How many iterations will it take?
11

Attached: iterations.png (875x314, 30K)

is this shit satire

Attached: 1372463924841.jpg (321x306, 7K)

>takes n iterations to mutate one letter at a time until it matches the n letter long sequence of letters
astounding

>this guy is indirectly the creator of Jow Forums
oh no

SUDO APT INVITE-DICTIONARY-ATTACK

>What is a dictionary attack
His comics are literally made for "women who code" and first semester computer science faggots.

>check against passwords that are combinations of common words first

Attached: 1457291146717-1.jpg (500x500, 94K)

RunningInThe90s!

You really don't understand how a dictionary attack works, do you? You can't do a dictionary attack against any algorithm that chooses the password randomly, regardless of the rest of the mechanism for choosing the password, since there is no set of more common combinations to build your dictionary with.

Are you guys being retarded on purpose or were you just born this way? The complexity analysis in the comic already assumes the use of a dictionary attack. In fact, it assumes a dictionary attack where the attacker knows the exact dictionary you used to generate the passwords.
Every single thread where this comic is posted, a million morons like you crawl out of the woodwork and start crying about shit you know nothing about like a bunch of skiddies desperate to prove their intelligence on an anonymous imageboard. And this shit is posted so often that you have to be absolute newfags to have not seen this exact discussion before.

hunter2

You seem to be upset that anons attack your favorite comic.

~In grandpa Simpson's voice~
Back in my day we had 30 gigglybits of rainbow tables an we.......... aww I forget.
~meanders off to the garden~

Just think of it as rounding up the newfags from the rest of the board to where they're just newfagging with each other.

Attached: security.png (448x274, 24K)

>So you have only increased the character set by 4 times which means you are only running the brute force attack only 4 times as much
No it doesn't. 6 letters with 10 different characters = 10^6 combinations. 6 letters with 40 characters = 40^6 = 4096*10^6 combinations.
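
Added example, not part of any post in this thread: the keyspace arithmetic argued over above (symbols ^ positions), run for the word-list and character-set sizes quoted in the thread at both the 1000 guesses/second figure and an offline rate. The offline rate and the six-word demo list are assumed values for illustration.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ONLINE_RATE = 1_000              # guesses/second, the figure used in the thread
OFFLINE_RATE = 10_000_000_000    # assumed rate against a leaked fast-hash dump

def keyspace(symbols: int, length: int) -> int:
    """Equally likely secrets when each of `length` positions is one of `symbols`."""
    return symbols ** length

def entropy_bits(symbols: int, length: int) -> float:
    """log2 of the keyspace: length * log2(symbols)."""
    return length * math.log2(symbols)

def years_to_exhaust(symbols: int, length: int, rate: float) -> float:
    """Worst-case years to try every candidate at `rate` guesses per second."""
    return keyspace(symbols, length) / rate / SECONDS_PER_YEAR

def random_passphrase(wordlist, words: int = 4) -> str:
    """Uniform, independent picks from the OS CSPRNG; the math assumes exactly this."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))

# (label, symbols per position, positions), using figures quoted in the thread
SCENARIOS = [
    ("4 words from 100,000", 100_000, 4),
    ("4 words from 3,000", 3_000, 4),
    ("4 words from 1,000", 1_000, 4),
    ("11 chars, 26 lowercase", 26, 11),
    ("11 chars, 115 symbols", 115, 11),
]

def report():
    """One row per scenario: label, bits, years online, years offline."""
    rows = []
    for label, symbols, length in SCENARIOS:
        rows.append((label, round(entropy_bits(symbols, length), 1),
                     years_to_exhaust(symbols, length, ONLINE_RATE),
                     years_to_exhaust(symbols, length, OFFLINE_RATE)))
    return rows

if __name__ == "__main__":
    for label, bits, online, offline in report():
        print(f"{label:24} {bits:5.1f} bits  online {online:.3g} y  offline {offline:.3g} y")
    demo_words = ["anchor", "beacon", "cobalt", "dynamo", "ember", "fjord"]  # constructed list
    print(random_passphrase(demo_words))
```

The numbers only hold when every word or character is chosen uniformly at random, and the offline column is what matters for a leaked database unless the service stores passwords with a deliberately slow hash.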