How strong is your password /v/?

Mine are usually close to 30 characters and use random upper case, lower case, numbers and symbols

Attached: Login.jpg (3421x2280, 775K)

>using passwords
What a cuck.

how do i private keys everything

my keepass password has 118 characters with mixed uppercase, lowercase and symbols
and that's the only one i need to remember

Easy, stop using botnet 'free' services funded by the NSA and make everything yourself.

>Easy, stop using botnet 'free' services funded by the NSA
>make everything yourself
I still wanna maintain my job

daily reminder

Attached: password complexity.png (1642x1238, 312K)

I use names of ITAR restricted aerospace parts as passwords with a mix of random stuff (20 characters or so)
These names don't exist anywhere in the dictionary or internet.
They also don't follow any language rules.
IDK how easily you could brute-force them.
Maybe a user can chime in

The only answer you will ever need
world.std.com/~reinhold/diceware.html
$ sudo apt install diceware

Attached: Screenshot_20181109-185029.png (1152x2048, 1.18M)

How does this fare against dictionary attacks?

Fantastically. Just do the math. 7776 words so 7776^7 for a 7 word passphrase vs a password with something like 110 symbols giving you 110^16 for a sixteen character password. Get a calculator and see which number is bigger.

Very well since you'd have to try to guess 5 words out of the dictionary in the correct order. Even with a dictionary of only 100 words that makes for 100^5 = 10 billion possible passphrases. The default diceware dictionary is several thousand words long and the possible passphrases are more numerous than all the possible variations of 8 ASCII characters.

Make that a twelve character password for the comparison. I got a little carried away. Point is, the passphrase does well if it has enough words, and seven is considered enough.
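The keyspace comparison from the posts above, worked through as an added example (not part of the thread). It assumes every word or character is picked uniformly at random, as diceware does, and the 10^9 guesses per second rate is an assumed offline figure.

```python
import math

DICEWARE_WORDS = 7776  # 6^5: five dice rolls select one word


def entropy_bits(choices, length):
    """Bits of entropy for `length` independent uniform picks from `choices`."""
    return length * math.log2(choices)


def words_to_match(alphabet, length, wordlist=DICEWARE_WORDS):
    """Smallest word count whose keyspace is at least alphabet**length.
    Uses exact integer arithmetic, so there is no rounding at the boundary."""
    n = 1
    while wordlist ** n < alphabet ** length:
        n += 1
    return n


def years_to_search_half(choices, length, guesses_per_second):
    """Average time to hit a uniformly random secret: half the keyspace."""
    seconds = (choices ** length) / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def compare():
    """The cases discussed in the thread, as (label, bits) rows."""
    return [
        ("7 diceware words", entropy_bits(DICEWARE_WORDS, 7)),
        ("12 chars from 110 symbols", entropy_bits(110, 12)),
        ("16 chars from 110 symbols", entropy_bits(110, 16)),
        ("5 diceware words", entropy_bits(DICEWARE_WORDS, 5)),
        ("8 printable ASCII chars", entropy_bits(95, 8)),
    ]


if __name__ == "__main__":
    for label, bits in compare():
        print(f"{label:28s} {bits:6.1f} bits")
    print("words to match 16 chars:", words_to_match(110, 16))
    # Assumed rate: 1e9 guesses per second against a fast, unsalted hash.
    print(f"{years_to_search_half(DICEWARE_WORDS, 7, 1e9):.2e} years on average")
```

Seven words fall between the 12 and 16 character cases, which is why the comparison needed the correction from sixteen to twelve characters.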

all my passwords are exactly grahams number long, suck it faggots

>/v/

How is this video game related?

I keep a minimum safe length of 16 characters.

The average is about 35 characters.

pwgen --secure 27 1

how is my way of making long memorable passwords? basically i add an easily remember-able amount of chars to the start of my password, then an easy phrase to remember, e.g.

#####$$$$$installgentoo$$$$$#####

Here you go

ilovetoSUCkdiCKSinmyspaREtimeomnomnom0

yeah that's harder to remember than putting 5/10 of the same chars at the start and end of the string

ssh-keygen -b 4096 -t rsa -o -C "$(whoami)@$(hostname)-$(date -I)"
- "-b" specifies the key strength
- "-t rsa" specifies RSA protocol 2 as the key type
- "-o" enables the new private key format, which is more secure
- "-C" specifies the comment

Just wait until you get hungry again. Then you'll remember it.

How many guesses per second IS a computer making?

>passwordpasswordpasswordpasswordpassword2

i use my dogs name: W56b8Lls4G,^&_jkl34

I use md5 from some of my torrents, I just open transmission and copy the hash of a certain torrent, I only need to memorize which torrent goes with which account.

a password of 123456 is almost as secure as any 32 char random string as long as the server applies rate limiting for authentication endpoints, both are hashed and added to a randomly generated salt, so even if the website gets hacked and the databases get stolen, they won't be able to even get the password 123456 back unless they know it is so a priori

That's why botnets use thousands of different IPs to log in.

that's actually pretty funny

you know that big websites use smart enough methods to detect bots in the first place? also they can tell easily IPs coming from genuine ISPs from ones coming from cloud or tor for instance

pwgen -sy 100 per site and then saved in a password manager.
>wp*("c9@vTCBg$=a|taq9zg9c9U3gvuqjV,gq\0O\[X2hQ>"y1Ph0dTz(KP?00g!H4rYL}:1E%vhw:LL/1$U?m;0\dLgz'Z$XPEj

nice password

Read OP again

>use smart enough methods to detect bots in the first place
You mean Recaptcha or ip based lookups?
There's a good enough pool of legit compromised computers in some botnets and you'd be surprised how few websites actually do anything like that.
Google/Microsoft/Facebook? sure
But up until recently not even Apple cared about your data enough to employ such methods, until they were actually targeted.

To a remote server? Less than 10k on that table unless there's a huge unmitigated flaw that lets them spam the server.
If the hashes are local? depends on the hardware, but OclHashcat on multi gpu hardware can do millions to billions of hashes a second depending on the algorithm.

Not an issue, if I see 1000 login attempts in less than an hour, I'm sure as hell locking up the account.

>what is rainbow table

please stop embarrassing yourself, the salt is generated randomly for every password even if it's the same, thus the hash will be totally different even for the same plain text password

just google PBKDF2 or go to college before embarrassing yourself again
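The per-password random salt and PBKDF2 discussed in the posts above, as an added example (not part of the thread). The record format, iteration count, user names and common-password list are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed demo work factor; tune upward for your hardware


def hash_password(password, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed or unsupported record
    return hmac.compare_digest(dk, expected)


def audit_common(records, common_passwords):
    """Defender-side audit: list users whose stored password is on a common list.
    The salt rules out precomputed tables and forces one PBKDF2 run per
    (record, candidate) pair, but a listed password is still found."""
    return [user for user, rec in records.items()
            if any(verify_password(p, rec) for p in common_passwords)]


# Constructed sample data: two users share a weak password, one has a random one.
SAMPLE_DB = {
    "alice": hash_password("123456"),
    "bob": hash_password("123456"),
    "carol": hash_password(secrets.token_urlsafe(24)),
}
COMMON = ["password", "123456", "qwerty"]  # constructed short list

if __name__ == "__main__":
    print("same password, same record?", SAMPLE_DB["alice"] == SAMPLE_DB["bob"])
    print("flagged by audit:", audit_common(SAMPLE_DB, COMMON))
```

Identical passwords produce different records, so one lookup table cannot cover the whole database, while the audit shows what the salt does not change: each record can still be tested against a list of likely passwords.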

>not using face id

Attached: 8wt02p1wjjg11.jpg (550x723, 107K)

ok can you prove that hash is securely salted when you register anywhere

>you don't need strong passwords because all the sites you use have excellent security practices.
I have a job that requires me to register with the government. My password wasn't working after registering so I hit "forgot password" and they emailed me my plain text password, truncated to 8 characters (I had registered with a 24 character password).

I really don't believe anybody does this in 2018

I used 4-5 common words of my favorite things along with numbers all arranged in different orders for really important things

For shitty throwaway passwords I just use the same simple 10 character easy to remember password and not give a shit because it's all on separate accounts from the important stuff.

Welcome to real life, where mission critical systems use 8 character non case sensitive passwords to authenticate its users. It happens, more than you may believe. Trust me.

I just use a password manager which does all the heavy lifting for me.

As for my database PW, nice try NSA.

>I really don't believe anybody does this in 2018
Here's some pictures I just took.
>top left
The email I got when first registering (in 2017)

Fuck finger slipped.
>I really don't believe anybody does this in 2018
Here's some pictures I just took.
>top left
The email I got when hitting "forgot password" when first registering (in 2017)
>top right
The email I got when hitting "forgot password" like 5 minutes ago.
>bottom
The email exchange back in 2017 when I brought these issues to the organization's attention.

Attached: shitty government security.jpg (973x1004, 141K)

>not using a hash of a strong password as password ¿¿¿¿¿