
Re: One-line password generator



On Wed 30 Aug 2017 at 00:59:15 +0300, Reco wrote:

> On Tue, Aug 29, 2017 at 08:50:53PM +0100, Brian wrote:
> 'Us'? Do not speak for all the list please.

It is a construct; intended to involve everyone in the conversation.

> Admit that you just did not read the pdf.

It is not concerned with online cracking. That is obvious. Why should I
spend time in reading its each and every detail?
 
> > How does this help with attacking the password for a login with online techniques?
> 
> Simple. You generate passwords by using adjectives, nouns and verbs from
> Oxford and/or Webster dictionary. You don't put all the words together
> (the result will have too much volume), you try to create grammatically
> correct (although meaningless) phrases. A mathematical concept that
> allows you to do so is Markov chains. An implementation of this concept
> is called Prince Attack on hashcat lingua.
> 
> Overall entropy of 'my!only"reason£for$living%is^ebay' password (aka
> XKCD 936 password) could be reduced significantly, leaving
> 'eq8GeKBhVXOTjF0dAyd0' password (aka base64 password) far superior.
> 
> Also, bruteforcing a password by feeding a list of those to the online
> service of any kind is dumb (unless you have a disposable botnet
> dedicated to this purpose). Smart move is to obtain a list of
> (hopefully) hashed passwords, which all bad guys are doing these days.

Services accept numerous failed *online* logins without doing anything
about it?

We (or, if you prefer - you) have now decided to move to offline
cracking. It makes for a better press.

> > > > We are mesmerised by the skills of offline crackers. They dazzle us and
> > > > blind us to realities. Where is someone saying that
> > > >  
> > > >  eq8GeKBhVXOTjF0dAyd0
> > > > 
> > > > is a splendid password? It wouldn't have a chance of being forced via an
> > > > online attack.
> > > 
> > > Since it appeared in a public maillist - it is a bad password by
> > > definition.
> > 
> > It will not be used again.
> > 
> > How easy is it to force
> > 
> >  +H3GHd8kXs8HfmRDzZ7y
> 
> Since you put it on the public maillist again - trivially.

Damn. I spent ages using the technique in the first post in this thread
to devise it.

-- 
Brian.
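
The online-versus-offline question argued in this message, worked through as an added example that is not part of the thread: it compares the guess space of a word passphrase with that of a 20-character base64 string under a throttled login and under an offline hash attack. Assumptions: the 20-character strings quoted above encode 15 random bytes, words are picked uniformly from a 2048-word list, and the lockout policy and offline guess rate are constructed figures.

```python
import base64
import math
import secrets

SECONDS_PER_YEAR = 365 * 24 * 3600

def base64_password(nbytes=15):
    """Base64 of nbytes from the OS CSPRNG; 15 bytes gives 20 chars, no '=' padding."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")

def bits_random_bytes(nbytes):
    """Entropy of nbytes of uniform random data, however it is encoded."""
    return 8 * nbytes

def bits_passphrase(words, wordlist_size):
    """Upper bound: words chosen uniformly and independently from the list.
    Any structure a guesser can model (grammar, common phrases) lowers it."""
    return words * math.log2(wordlist_size)

def throttled_rate(attempts, window_seconds):
    """Guesses per second allowed by a per-account lockout/throttle policy."""
    return attempts / window_seconds

def years_to_half_space(bits, guesses_per_second):
    """Expected time to hit a uniformly chosen secret: half the space."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR

# Assumed figures, not taken from the thread.
ONLINE = throttled_rate(5, 15 * 60)   # 5 failures per 15 minutes per account
OFFLINE = 1e10                        # guesses/s against a leaked fast hash

def report():
    rows = [("4 words of 2048", bits_passphrase(4, 2048)),
            ("6 words of 2048", bits_passphrase(6, 2048)),
            ("20-char base64", bits_random_bytes(15))]
    return [(name, bits, years_to_half_space(bits, ONLINE),
             years_to_half_space(bits, OFFLINE)) for name, bits in rows]

if __name__ == "__main__":
    print("sample:", base64_password())
    for name, bits, online, offline in report():
        print(f"{name:16} {bits:5.0f} bits  online {online:.1e} y  offline {offline:.1e} y")
```

With these figures the throttle alone keeps even the 44-bit passphrase out of reach online, while the same passphrase falls in well under a day offline; only the 120-bit string is indifferent to which attack is assumed.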

