That's embarrassing.

FZD

Yeah, I don't trust any password manager that either
A) Is closed source, so I can't audit what they do with my data
B) Is open source, which makes it easier for hackers to crack

I guess I can share what I do:
I got a bunch of documents lying around, nothing out of the ordinary. One of those documents is a missing page of a scientific paper, and also my password map. The only thing I need to remember is where the password for the login that I need starts. So all my passwords are LONG, and they usually contain some symbols too.
Also, since the passwords are partial phrases, phrase and a half, etc. of natural language, they're pretty easy to remember even without consulting the password map.

But hard to brute force, let's say that you know I got full phrases, and you even know that I got 5 words per password.
That's still some 200000^5 = 3.2e+26
When compared to a password with 8 random symbols:
100^8 = 1e+16
(That's alphabet*2 + numbers + punctuation + then some)

Oh, a good brute force rate for passwords is 10 billion guesses per second. Unless you got some supercomputer at your disposal. (Let's face it, if you got a supercomputer, you're not too interested in my Constellation Taurus)
So 5 random words:
200000^5/10000000000/60/60/24 = 370370370370 days.
8 random symbols:
100^8/10000000000/60/60/24=11.6 days.

So as we can see, 5 random words is better, even when you downright tell the attacker you're using 5 words, enabling them to use dictionary attack, than 8 random symbols.
 

FZD

Not sure your password of "Test Squadron Best Squadron" is any better than "I like to drink beer" as a password.
You misspelt "Squardon".
But especially for "I like to drink beer", there are so many different ways you could phrase that:
"Beer is liquid bread, it's good for you!"
"Beer is the drink for me"
"Beer - the final frontier!"
"Malts above everything else!"
"Beer is my goddess"
"Beer is my Goddess"
"Beer with my God, Tess"
"Beer is a good dress"
"Bear is a good dress"

If you decided one of the 5 words had to be beer, the attacker would still need to spend 5 millennia guessing your password.
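The keyspace arithmetic from the two posts above, as an added example that is not part of any poster's message. It reuses the thread's figures (200,000-word dictionary, 100-symbol pool, 10 billion guesses per second) and goes one step further by sizing the case where passwords are contiguous phrases from a single document the attacker also holds; the 100,000-word document size and the 3-to-10-word phrase lengths are constructed assumptions.

```python
import math

GUESSES_PER_SECOND = 10_000_000_000   # rate quoted in the thread
SECONDS_PER_DAY = 60 * 60 * 24

def random_choice_keyspace(pool_size, length):
    """Keyspace when every position is chosen independently and uniformly."""
    return pool_size ** length

def known_word_keyspace(pool_size, length, position_known=True):
    """One word is known to the attacker, the others are random.
    With an unknown position this is a slight upper bound, because
    phrases containing the known word twice are counted more than once."""
    positions = 1 if position_known else length
    return positions * pool_size ** (length - 1)

def document_phrase_keyspace(doc_words, min_len, max_len):
    """Contiguous runs of min_len..max_len words taken from one document
    that the attacker is assumed to have a copy of."""
    return sum(max(doc_words - n + 1, 0) for n in range(min_len, max_len + 1))

def days_to_exhaust(keyspace, rate=GUESSES_PER_SECOND):
    """Worst-case days to try every candidate at the given guess rate."""
    return keyspace / rate / SECONDS_PER_DAY

def entropy_bits(keyspace):
    """Equivalent strength in bits, assuming uniform choice over the keyspace."""
    return math.log2(keyspace)

def compare():
    """Return {scheme: (keyspace, bits, days)} for the cases discussed."""
    schemes = {
        "5 random words": random_choice_keyspace(200_000, 5),
        "8 random symbols": random_choice_keyspace(100, 8),
        "5 words, one known": known_word_keyspace(200_000, 5),
        # Constructed assumption: 100,000-word document, 3-10 word phrases.
        "phrase from known document": document_phrase_keyspace(100_000, 3, 10),
    }
    return {name: (k, entropy_bits(k), days_to_exhaust(k))
            for name, k in schemes.items()}

if __name__ == "__main__":
    for name, (k, bits, days) in compare().items():
        print(f"{name:28s} {k:.3e} candidates  {bits:5.1f} bits  {days:.3e} days")
```

The first three rows reproduce the thread's numbers; the last row shows that the strength of a phrase-from-a-document scheme rests on the document staying unknown, not on the phrase length.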
 

hardroc77

Yeah, I don't trust any password manager that either
A) Is closed source, so I can't audit what they do with my data
B) Is open source, which makes it easier for hackers to crack

I guess I can share what I do:
I got a bunch of documents lying around, nothing out of the ordinary. One of those documents is a missing page of a scientific paper, and also my password map. The only thing I need to remember is where the password for the login that I need starts. So all my passwords are LONG, and they usually contain some symbols too.
Also, since the passwords are partial phrases, phrase and a half, etc. of natural language, they're pretty easy to remember even without consulting the password map.

But hard to brute force, let's say that you know I got full phrases, and you even know that I got 5 words per password.
That's still some 200000^5 = 3.2e+26
When compared to a password with 8 random symbols:
100^8 = 1e+16
(That's alphabet*2 + numbers + punctuation + then some)

Oh, a good brute force rate for passwords is 10 billion guesses per second. Unless you got some supercomputer at your disposal. (Let's face it, if you got a supercomputer, you're not too interested in my Constellation Taurus)
So 5 random words:
200000^5/10000000000/60/60/24 = 370370370370 days.
8 random symbols:
100^8/10000000000/60/60/24=11.6 days.

So as we can see, 5 random words is better, even when you downright tell the attacker you're using 5 words, enabling them to use dictionary attack, than 8 random symbols.
Wow, much maths.
 