this post was submitted on 04 Dec 2023
111 points (100.0% liked)

the_dunk_tank

15910 readers
18 users here now

It's the dunk tank.

This is where you come to post big-brained hot takes by chuds, libs, or even fellow leftists, and tear them to itty-bitty pieces with precision dunkstrikes.

Rule 1: All posts must include links to the subject matter, and no identifying information should be redacted.

Rule 2: If your source is a reactionary website, please use archive.is instead of linking directly.

Rule 3: No sectarianism.

Rule 4: TERF/SWERFs Not Welcome

Rule 5: No ableism of any kind (that includes stuff like libt*rd)

Rule 6: Do not post fellow hexbears.

Rule 7: Do not individually target other instances' admins or moderators.

Rule 8: The subject of a post cannot be low hanging fruit, that is comments/posts made by a private person that have low amount of upvotes/likes/views. Comments/Posts made on other instances that are accessible from hexbear are an exception to this. Posts that do not meet this requirement can be posted to [email protected]

Rule 9: if you post ironic rage bait im going to make a personal visit to your house to make sure you never make this mistake again

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 11 months ago* (last edited 11 months ago)

hmm. you know I haven't done the math in a while but you might be partially right. It definitely does still help to use a dictionary for passphrases, but especially if you include all the words in the english language, not just a much smaller subset like diceware, and if you add anything to dress it up a little, it can still be pretty hard to crack... before password managers were a thing I was known to do like 3-5 random words plus 2-4 digits, and maybe a punctuation character if I was feeling spicy. A pre-calculated hash/rainbow table attack is not feasible if the password hashes are properly salted but a plain wordlist/dictionary attack still is

For the curious, I came up with something like 650-700 years on average to crack a 4 random word passphrase at 20 billion tries/sec (that rate was a real life example sourced from some pentesting firm's site) if your word list includes every last word in modern use in english (171000 words). If your wordlist is only 2048 common words (like diceware) though, that's like 10 minutes or less.

xkcdpass (based on the well known comic) by default uses the EFF's long wordlist, which is 7776 words I believe, so a 4 word passphrase from that would average about 24 hours to crack at that same speed. Not great but if you spice it up with digits, special chars, etc then maybe that's okay for the average person. But it's pretty long to type out especially on mobile.