[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: One-line password generator



On 22/08/17 17:31, Brian wrote:
> You will now explain why the first one will be broken in the next
> 100 years. I'm past caring after that.

If you do not care about security, you could generate a single 4
character bit block with my method and save typing.

>> If the password is not important (for example, account of web forums)
>> then you can use store it in a plain text file or a password manager.
>> Firefox has a built-in password manager which works fine. Here
>> memorability does not matter at all, as you just have to copy and paste,
>> or let the password manager fill it automatically. Anyway, one could not
>> memorize enough passwords for all the things that require one (esp. web
>> sites).
> 
> You are digressing. Every password is important. Basing a password on
> the perceived imortance of an account is unwise. What Firefox has is of
> no great consequence when it comes to memorability.

No, I am not digressing. Not every password is equally important. How
important is the password you use to post in a forum that you will not
visit again? Is it as important as the password of your GNU PG private key?

> Fine. But where is the improvement over
> 
>  Willhas5fingerson_each_Jand
> 
> as a password? A bit longer to type, perhaps, but not spectacularly so.

This is just for a block of 24 bits, thus this is a rough equivalent of
4 characters under my method, which is *much* shorter to type.

Assuming your mnemonic function is one-to-one (which it is not) you
would need 4 such to achieve the 96 bits of entropy that I recommend.
Then the difference in length is very significant.

Moreover, since you are suggesting using the mnemonic itself, and the
mnemonic function is not well defined, the entropy is not well defined
either.

-----
Anyway, I posted this suggestion for those who want a provably (not
“probably”) secure password (up to a certain entropy). I know not
everybody will like my method, and that is fine for me.

-- 
Do not eat animals, respect them as you respect people.
https://duckduckgo.com/?q=how+to+(become+OR+eat)+vegan

Attachment: signature.asc
Description: OpenPGP digital signature


Reply to: