
Re: One-line password generator



On 08/23/2017 07:31 AM, Brian wrote:
> On Tue 22 Aug 2017 at 15:14:37 -0500, Mario Castelán Castro wrote:
> You can recommend what you want but give me
> 
>  IhaveaMemorablePasswordwhichIwillnotforget!
> 
> as opposed to
> 
>  WVAq7XLM4va6e1A4Bb4+Zw
> 
> You will now explain why the first one will be broken in the next
> 100 years. I'm past caring after that.

The problem with that kind of password generation is that it leaks in
unexpected ways, and it can be hard to understand how much it matters.

When you know nothing about a password, it can be quite hard to guess,
but as you reveal more information about it and its construction (max
length, character set, format, etc.) it becomes easier and easier.

With randomly generated passwords, you still have an easy-to-understand
"hard limit" on how easy it will be to guess, unless you start leaking
individual characters of it, even if you reveal how the password is
constructed.

On the other hand, with passwords like the ones you described, it can be
quite difficult to gauge how hard it is to guess, and how much you can
reveal about it before it becomes unsafe.

E.g. knowing that you create your passwords like that can make it
significantly easier for someone else to guess your password, which
could potentially be dangerous, especially if done by someone who knows
you well.

I personally use diceware, which is relatively memorable and secure
enough. Revealing the fact that I use diceware makes guessing my
passwords significantly easier, but it still is very far in the
"impossible" territory.

I don't think leaving your passwords up to chance is a good idea. You
should know, not guess, whether it is safe or not.
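The "hard limit" argument above can be put in numbers. The following is an added example, not code from the poster or the thread: it generates a password of the same shape as the 22-character string quoted in the reply (16 random bytes, base64-encoded), picks a Diceware-style passphrase, and computes how many bits of guessing work each construction carries when the attacker already knows exactly how it was made. The word list is a constructed stand-in; the entropy figures use the real Diceware list size of 6^5 = 7776 words. The 10^10 guesses per second attacker budget is an assumed figure for illustration.

```python
import base64
import math
import secrets

# Constructed stand-in for a Diceware word list. A real list has 6**5 = 7776
# entries, one per five-dice roll; the entropy maths below uses that real
# size, this short list only feeds the sample generator.
SAMPLE_WORDS = ["cliff", "ember", "lantern", "mortar", "orbit", "pixel",
                "quartz", "ridge", "saddle", "thistle", "velvet", "walnut"]
DICEWARE_LIST_SIZE = 6 ** 5


def random_base64_password(nbytes=16):
    """Random password of the same shape as `head -c 16 /dev/urandom | base64`
    with the trailing '=' padding removed (16 bytes -> 22 characters)."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode().rstrip("=")


def diceware_passphrase(words, count=6):
    """Pick `count` words uniformly at random with a CSPRNG. Against a full
    Diceware list this is equivalent to rolling five dice per word."""
    return " ".join(secrets.choice(words) for _ in range(count))


def bits_random_bytes(nbytes):
    """Entropy of a password derived from nbytes of CSPRNG output: 8 bits per
    byte, no matter how the bytes are encoded afterwards."""
    return 8 * nbytes


def bits_uniform_choices(count, alphabet_size):
    """Entropy of `count` independent uniform picks from `alphabet_size`
    symbols: words for Diceware, characters for a random string."""
    return count * math.log2(alphabet_size)


def bits_remaining_after_leak(total_bits, leaked_symbols, bits_per_symbol):
    """Entropy left once an attacker learns `leaked_symbols` of the secret.
    Each base64 character carries 6 bits, each Diceware word about 12.9."""
    return max(total_bits - leaked_symbols * bits_per_symbol, 0.0)


def years_to_expect_success(bits, guesses_per_second):
    """Expected time for exhaustive search: on average half the keyspace,
    2**(bits-1) guesses, has to be tried before the password is found."""
    seconds_per_year = 365.25 * 24 * 3600
    return 2 ** (bits - 1) / guesses_per_second / seconds_per_year


if __name__ == "__main__":
    password = random_base64_password()
    phrase = diceware_passphrase(SAMPLE_WORDS)
    print(password, bits_random_bytes(16), "bits")
    print(phrase, round(bits_uniform_choices(6, DICEWARE_LIST_SIZE), 1),
          "bits against a full 7776-word list")
    # Assumed attacker budget for an offline attack on a fast hash.
    rate = 1e10
    for label, bits in [("16 random bytes", bits_random_bytes(16)),
                        ("6 Diceware words", bits_uniform_choices(6, DICEWARE_LIST_SIZE)),
                        ("4 Diceware words", bits_uniform_choices(4, DICEWARE_LIST_SIZE))]:
        print(f"{label}: ~{years_to_expect_success(bits, rate):.3g} years at {rate:.0e} guesses/s")
    print("128-bit password after 5 base64 characters leak:",
          bits_remaining_after_leak(128, 5, 6), "bits")
```

The figures only apply because each scheme draws every symbol uniformly from a known alphabet; that is why revealing the construction costs nothing and why only leaked symbols reduce the number. There is deliberately no function for the memorable-sentence style: its distribution depends on the particular person's habits and vocabulary, so there is no list size to plug in, which is the point made in the reply.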

