
Re: One-line password generator



On Sun 27 Aug 2017 at 21:12:12 +0200, Thomas Schmitt wrote:

> Brian wrote:
> > I do not have to run faster than the bear, just faster than anyone else.

(Analogies never work. Remind me not to use them again).
 
> According to the article about the successful cracking, it is not so much
> about how fast you are. The bear will not stop when it is done with eating
> those behind you.

Note that the article details the point at which the investigators gave
up on going after what they saw as random passwords. They would never
have got to

 my!only"reason£for$living%is^ebay

no matter how low or high its entropy is. Which is not to say other
techniques would not have caught it. Stamina is at least as important as
speed. The bear will have run out of puff after trying n=10 for brute
force.

Protecting an online login is far more important than second-guessing
how a provider has provisioned their system. A user has no control over
the latter, so why should he put any great thought into combating the
provider as well as the crackers?

We are mesmerised by the skills of offline crackers. They dazzle us and
blind us to realities. Where is someone saying that
 
 eq8GeKBhVXOTjF0dAyd0

is a splendid password? It wouldn't have a chance of being forced via an
online attack.

> It is rather about not to walk the paths which all the tasty others walk.
> The first found meal tells the bear that there is more food in the same
> direction.

With an offline attack, probably. But where are the people who say that
online is the same as or even similar to offline? Inquiring minds would
like to know why 'thisismySECRETpassword' is a poor login password.

And, even assuming a site such as Ebay with its millions of users loses
its marbles to offline cracking, why think you are first in line for
rampaging? Ok, they have to start somewhere - it might as well be you. :)

-- 
Brian.


