How many bits of entropy do your encryption passwords have...

Attached: images.png (448x274, 20K)

Nobody uses words from different languages for passwords.

It's common for non-americans to know 2-3 languages.

Why would somebody risk torturing me and going to jail to get my data? I'm not holding millions of dollars in bitcoin in my hard drive, unfortunately

Found the American

CIA niggers won't go to jail. They'll just leave the room to cry for a minute.

Well if you use different languages and uncommon words you'd probably be okay, but with four relatively common English words (3000 according to google) I can't imagine it would take very long to brute force.

>Passwords must be between 8 and N characters long

>It's common for non-americans to know 2-3 languages.
Not really, that only applies to educated folk. And even those who are bilingual, how many of them actually do use multiple languages in their password? I bet it's an extremely uncommon thing.
I'm Uruguayan.

No, assuming a set of 171k words and md5 hashing, it can be cracked in 9 days, according to this article:
paul.reviews/passwords-why-using-3-random-words-is-a-really-bad-idea/

> having an upper limit
That's how you know the website has shit security. All passwords should be hashed so they are equal length and then salted (or salted and hashed)

The people who actually are a threat to the establishment are one in a million, they can't risk going around disappearing low-priority people without letting the cat out of the bag.
It's far more likely that they'd hit you with tax evasion charges or rape accusations like they probably did to Linus.

thats three words. lets count with four, which means just multiply those 9 days with another 171k. looking better already, doesn't it?
it gets even better:
with 8 words (or with 22 characters from [a-zA-Z0-9]) you already maxed out the amount of entropy md5 keeps at most (128 bits)

>t. didn't read the link

>can't imagine
alphnum length 20
62^20 = 7e35 combinations

4 common words
3000^4 = 8e13 combinations
5 common words
3000^5 = 2e17 combinations
6 common words
3000^6 = 7e20 combinations

etc.

Obviously what you need to do is use a random generator to pick the words for you (see diceware) and increase the dictionary size. Hence the 3 languages thing, observe:

3 dictionaries with the 3000 most common words, means the dictionary size becomes 9000. Also in practice it's fucking cumbersome to crack passwords like that. Which languages should i use? Where could I get the dictionaries from? Are the words mangled? Did the guy insert additional special characters or not?

9000^4 = 6.5e15
9000^5 = 6e19

etc.

The word shit is easy to remember and easy to type, that's the main advantage. So using that for full disk encryption or password managers might not be a bad idea. Usability is what kills security 99% of the time. "1234" isn't picked out of stupidity, but necessity. Post-its with the fucking password on them are the result of people not being able to remember random strings of 25 characters.

lol no, according to him 3 words can be cracked in 40 seconds
that said, yeah, 8 words is very good security and probably going to be impossible to crack for the rest of our lifetimes

i did. its stupid. all that matters in a password is it's entropy, not its length, the article falsely implies that a 3 word password is supposed to be about as secure as a near same length random combination (which is false, 3 words are way too little). the only metric what matters is (rememberablity/entropy), in which case my example of the more than 128 bit entropy (which is the maximum md5 could keep) can be achieved by either 8 random words or 22 random alphanumeric characters. it's up to you to decide which is easier to remember, since rememberability does not have an objective metric, but i'd go with the 8 random words. the article also suggest that vocabulary has to do with it, when it doesn't, since you're supposed to really truly randomly select the words, not just "think of" one.

if you did then you would know the 9 hour figure was for 4 words
>the article falsely implies that a 3 word password is supposed to be about as secure as a near same length random combination
not it doesn't
>which is false, 3 words are way too little
that's the whole point of the article you dummy

*9 day figure

as I said, multiple word passwords are not secure. Using multiple languages might help, but only because it's more obscure, not because it significantly increases the number of combinations.

you seem to understand passwords, but my god your reading comprehension is terrible, that is literally what the article said.

>"1234" isn't picked out of stupidity, but necessity.
not really necessity, but lazyness really. memorizing new passwords isn't that hard
I agree password managers and/or reusing passwords (they're about the same level of security IMO, since password managers tend to use stronger hashes than websites but them being a browser extension makes it more likely for the plaintext to be leaked as well) is OK for shit that doesn't matter, but for shit that does you want a strong password that stays in your head only
and I'm not sure whether using words or pronounceable strings would be easier, because for any reasonable dictionary size, the words are going to be abstract and difficult to remember anyway

Just make your password a 10 or so word sentence with numbers at the end

>literally doubles the base of the brute-force power
>not significantly raising the number of combinations

making it a sentence greatly reduces the entropy. think of that that not any word combinations are correct sentences, thus the set of possible passwords reduces.

I have no information sensitive enough for a need to have a really long, convoluted password. Even if someone gets my banking information and wipes my account, all it takes is one 5 minute phone call to have my account suspended, information changed, transfers reversed, etc with no cost to myself.

>get's fired for posting a no-no on facebook
>"It wasn't me! I got hacked!

You have a civic responsibility to use secure passwords to keep your society's resources out of the hands of criminals.

>how many of them actually do use multiple languages in their password? I bet it's an extremely uncommon thing.
I can't say how common or uncommon it is but mine are usually finglish so the words generally aren't in either Finnish or English dictionaries.

I would never get fired for something I posted on facebook, although I dont really use social media that much other than for messaging friends/family I dont really see that much anymore

lol@thinking your efforts are doing anything at all. look at some of the data breaches to major companies that have happened in the last 10 years or so; csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html
And thats the ones we know about, imagine how many companies there are that know about major breaches, but dealt with it internally and said nothing to avoid the backlash. No amount of password entropy will save you when your bank's customer profile database is compromised.

76 but I rely on /dev/urandom

is there a foss offline tool i can use to test mine?

github.com/dropbox/zxcvbn

there's no tool, foss or not
any tool that would measure the strenght of your password would have to know exactly what methodology the NSA or a generic attacker is going to use to actually try to crack it (bayesian priors) amd work backwards from there, but there isn't much actual research into actual cracking software

that only works for common words and simple substitution/patters, if ypu use something like pwgen or lastpass' pronunceable password generator, it's going to way overestimate the srength. tldr it's a pretty dumb tool

Here a list of 7 secure passwords. Use them wisely.
d3qubzbkuig3gsa4
qlzdptor1txr2d9q
ncom1j8edu14oo6y
kibh675gdb2nr6pf
ps9l90p1arlanv1k
4wr494i8g0uwip4k
zk4ds5pzqh2dqkmk

With all the leaks I legitimately stopped caring.
If you wanna fuck my account, I'm going to be apathetic.

not OP but thx this is great