this post was submitted on 11 Dec 2023
112 points (92.4% liked)
Privacy
31975 readers
302 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Seems very easy to crack tbh
It was just an elaborate rickroll, they’re getting sneakier.
Spell the words with mistakes + add numbers and symbols with a rule, capitalize with a rule too
But lyrics of a song is an really obvious target to get to a dictionary(if it's a dictionary attack)
More interesting would be encrypting name of the service, maybe with you login or something
So "gooey" + "lemmy", let's say we take three first letters and three last
"goommy"
Create a dictionary in your head only you know:
go out out mom mom yes (for an example I used short words)
Make mistakes that you would:
go oud oud mam mam yess
Add some numbers and symbols, capitalize
gO Oud Oud mAm mAm yEss (o, a, e are capitalized)
You get the point
Or just use a god damned pw manager. As soon as you have to memorize a system corners will be cut. 16 random characters will never be beaten by a mangled string.
Yeah, but most of the password managers are a security risk too
I would actually be happy to see a good airgapped password manager working with qr codes, or NFC, or something like that
Maybe as an app for an old phone, or a raspberry pi zero
Crack how? With 4-5 words you're going to have a pretty long password so bruteforce is out. Do you mean that if you will have one of my password you will have the rest? That's because I gave you obvious example as a joke. What if my password is TakePicturesOfYou. What other password are possible? How will you crack them?
Take the lyrics of the top 1000 popular english songs, and do a rolling hash of 5 words at a time. To account for capitalization, you would have to multiplely the dataset a few times but I bet you most passwords created in this manner would be easily cracked using this method.
That's not easy. I mean it's not that hard computationally but you're talking about very specific attack requiring some dedicated tools. Real life you would have two scenarios:
This would be bad pretty much only in the very specific scenario of hackers trying to hack my specific account and having leaked hashes of password for this account.
Still I wouldn't really use this method. I'm just saying it's better method than some printed card generating short alphanumeric password.
Fair. I guess I'm just being nitpicky.
Crackers use words and phases, they don't just start at 00000000 and head for zzzzzzzz. It's easier to crack a 16 char phrase of mangled words than 16 random chars.