Re: One-line password generator

[Reco <recoverym4n@gmail.com>]

	Hi.

On Tue, Aug 29, 2017 at 08:14:59PM +0100, Brian wrote:
> On Sun 27 Aug 2017 at 21:12:12 +0200, Thomas Schmitt wrote:
> 
> > Brian wrote:
> > > I do not have to run faster than the bear, just faster than anyone else.
> 
> (Analogies never work. Remind me not to use them again).
>  
> > According to the article about the successful cracking, it is not so much
> > about how fast you are. The bear will not stop when it is done with eating
> > those behind you.
> 
> Note that the article details the point at which the investigators gave
> up on going after what they saw as random passwords. They would never
> have got to
> 
>  my!only"reason£for$living%is^ebay
> 
> no matter how low or high its entropy is.

Sadly it only means that these investigators were to lazy to implement
Markov chains to generate a suitable dictionary. See this for the
example:

https://hashcat.net/events/p14-trondheim/prince-attack.pdf


> We are mesmorised by the skills of offline crackers. They dazzle us and
> blind us to realities. Where is someone saying that
>  
>  eq8GeKBhVXOTjF0dAyd0
> 
> is a splendid password? It wouldn't have a chance of being forced via an
> online attack.

Since it appeared in a public maillist - it is a bad password by
definition.

Reco