Re: One-line password generator



On 08/24/2017 02:11 AM, Brian wrote:
> You should never reveal how your passwords are generated. In detail,
> that is; in principle there might be no harm done.

But how do you know how much you can reveal about it until there is real
harm done? You can't really know for sure how much entropy your password
has, unlike a randomly generated password, where it is significantly
easier to estimate. Revealing as much as "my passwords are 30 random
alphanumeric characters" will be fine in that case, but there is no such
measure with passwords like the ones you have described.

>> Eg. knowing that you create your passwords like that can make it
>> significantly easier for someone else to guess your password, which
>> could potentially be dangerous, especially if done by someone who knows
>> you well.
> 
> Agreed. Account passwords being guessed can surely only happen when the
> account owner is known to the perpetrator.

Sure, but the problem is that the account owner may not even be aware
that this is happening. For example, with human-generated passwords,
telling a joke, talking about your mother's maiden name, or talking
about your favorite band may be leaking information about your
passwords, and it is really hard to understand how much (or how little)
damage it has done. With passwords, you should be sure, not guess, that
you are safe.

> How does one know
> 
>  MyDogHasNoNose.HowDoesItSmell?Terrible!
> 
> (old jokes are very memorable) is a safe password?

You don't, and that's the problem, I believe.
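As an added illustration of the point made above about estimating entropy (this is example code, not something posted in the thread): for a password drawn uniformly from a known alphabet, the entropy is fixed by the generation process, `length * log2(alphabet size)`, so "30 random alphanumeric characters" has a definite figure, while a human-chosen phrase like the dog joke has no such number attached to it. The alphabet, length and function names below are assumptions chosen for the example.

```python
import math
import secrets
import string

# Constructed example: a small CSPRNG-based password generator whose entropy
# can be stated exactly, in contrast to a human-chosen passphrase.
ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols


def generate_password(length: int = 30, alphabet: str = ALPHANUMERIC) -> str:
    """Draw `length` symbols uniformly at random from `alphabet` using the
    OS CSPRNG (the secrets module), so each symbol carries
    log2(len(alphabet)) bits regardless of what string comes out."""
    if length <= 0 or len(alphabet) < 2:
        raise ValueError("need a positive length and at least two symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet_size).
    This depends only on the generation process, not on the output, which
    is why it can be published without weakening the password."""
    if length <= 0 or alphabet_size < 2:
        raise ValueError("need a positive length and at least two symbols")
    return length * math.log2(alphabet_size)


def is_well_formed(password: str, alphabet: str = ALPHANUMERIC) -> bool:
    """Sanity check that a generated password uses only the declared alphabet,
    so the entropy figure above actually applies to it."""
    return len(password) > 0 and all(c in alphabet for c in password)


if __name__ == "__main__":
    pw = generate_password()
    bits = entropy_bits(len(pw), len(ALPHANUMERIC))
    print(f"{pw}  ({bits:.1f} bits from the generation process)")
```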

