this post was submitted on 03 Nov 2023
304 points (87.3% liked)

Technology

59402 readers
2603 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] aBundleOfFerrets@sh.itjust.works 1 points 1 year ago (1 children)

Dictionary attacks aren’t some magic bullet. There are a lot of english words and just four of them IS comparable in cracking difficult to a standard 8-char password that is as random as you can make it. There are a lot more words than there are symbols. Four words is obviously not as good as 46 totally random chars

[–] scinde@discuss.tchncs.de 1 points 1 year ago

Dictionary attacks are definitely not a magic bullet, they require a lot of processing power, just like any other brute-force attack, but not more because of their longer length, as has been implied.

True, there are a lot of english words, but the amount of common words is relatively small. Most people aren't going to choose a password like "MachicolationRemonstranceCircumambulationSchadenfreude", even if it were generated for them (which is unlikely).

Sure, it is comparable to a standard 8 characters passward, but even that kind of password is verging on the insecure (it is the absolute minimum, which should be avoided when possible).

There are also a lot of symbols when you count emojies and the entire Unicode standard.