Search found 16 matches

by superluser
Mon Nov 14, 2011 9:05 pm UTC
Forum: Individual XKCD Comic Threads
Topic: 0977: "Map Projections"
Replies: 353
Views: 138313

Re: 0977: "Map Projections"

My projection is by the Michelin tire company. Somehow, it managed to have two New Zealands (and it's not in the mirror image area of the Robinson). I do not like it and am seriously considering one of those myriahedrals. Edit: Actually, it *is* in that area: http://www.betterworldbooks.com/michelin...
by superluser
Sun Sep 18, 2011 4:54 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

`correct battery hor∫e staple' might make it difficult for script kiddies to defeat your password I'd not be so confident in that particular phrase; if an competent attacker does try Unicode characters, they will try look-similars and sound-similars first; of course, replacing random characters wit...
by superluser
Fri Sep 16, 2011 7:44 pm UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

Of all the 12-character ASCII passwords, approximately 0.08% consist entirely of letters (upper and lower case). So the entropy lost by rules which prohibit such passwords is minuscule. I'm not sure if this is supposed to be a response to me. What I can tell is that it doesn't refer to the argument...
by superluser
Fri Sep 16, 2011 4:16 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

I think the odds of you getting an easily-crackable password from a good algorithm are extraordinarily small though, so most people just don't worry about that. They are, in fact, the same as the odds of a brute forcer stumbling onto your secure password anyway, so if you aren't worried about the o...
by superluser
Fri Sep 16, 2011 2:41 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

All I'm saying is that just because your RNG barfs it out doesn't automatically make it secure. Well yeah. In the really really unlikely event that your random 12-character ASCII string ends up being an English word, you should definitely reject it, because then it's part of a space attackers are l...
by superluser
Thu Sep 15, 2011 7:48 pm UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

But the point that I was trying to make is that just because something is high entropy doesn't make it hard to defeat. It makes it hard to defeat through any sort of brute force attack by an attacker who knows how you generated your password. So please explain what you mean by hard to defeat, since...
by superluser
Thu Sep 15, 2011 4:01 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

Why would you expect to get more entropy from restricting the space to uncommon words? There are 600,000 words in the OED. If we restrict the dictionary to only the 598,000 words that aren't included in the 2**11 words Randall assumes are common, each word now gets 2**19 bits of entropy (modulo goo...
by superluser
Thu Sep 15, 2011 2:24 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

It adds the "alt down" and "alt up" balanced non-nesting "keys" to the password. The keys between alt-down and alt-up must be digits. I'd estimate the increase in entropy from adding this to be somewhere on the order of 2%? Just because your password has higher entropy...
by superluser
Fri Sep 09, 2011 4:06 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0948 - "AI"
Replies: 137
Views: 32042

Re: 0948 - "AI"

I'm surprised with the discussion of cars driving across the desert, no one has mentioned Desert Bus. You know, the driving simulator that entailed driving a bus along the (more or less) featureless desert 400 miles from Tucson to Las Vegas at 45 mph in real time along a straight road in a bus that ...
by superluser
Wed Sep 07, 2011 12:53 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

The problem with that is that unfamiliar names are not easy to remember at all. For most people the list of familiar names is probably in the neighborhood of 200-300, tops (and I think I am being very generous there - I don't think I know that many myself). Most names people are familiar with are t...
by superluser
Wed Aug 24, 2011 11:21 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

Still, it would be foolish to get your password from a server-side program just based on the trust you give an anonymous person on the Internet. If I were listening to that advice, I'd probably never have gotten my Mr T name . (note for the humor impaired: I do not recommend using real data to gene...
by superluser
Mon Aug 22, 2011 5:05 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

I wonder if there are good (as in, reasonably secure) methods to have a random password generator pop up when a user is prompted for a password. Random password and pass phrase generators are easy: several have been posted in this thread. The hard part is getting people to use them, and the more co...
by superluser
Fri Aug 19, 2011 5:49 pm UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: Password Strength and Blonde Jokes

Of course, the blonde has a password with 52 bits of entropy. At 2^52 with 1000 guesses per second, it would take a computer 142,808 YEARS to guess her password (I may have been mistaken about Randall's description of security theory, but if so the degree of entropy would appear to go up on a more ...
by superluser
Thu Aug 18, 2011 7:07 pm UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

And I've got an alternative option (having the computer generate a passphrase using the actually random method). I'm going to pitch them that idea instead now. Use the word Diceware, and you'll radically increase your chances of success. Each word adds 12.9 bits of entropy if chosen truly randomly....
by superluser
Thu Aug 18, 2011 4:47 pm UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

google for "password manifesto" (can't post links yet). - Users should be able to temporarily or permanently disable accounts, removing all passwords from the remote server's database. whether that's because the user rarely comments, or because the user is paranoid, or because the user ga...
by superluser
Thu Aug 18, 2011 4:40 am UTC
Forum: Individual XKCD Comic Threads
Topic: 0936: "Password Strength"
Replies: 893
Views: 317632

Re: 0936: "Password Strength"

Talking about sites with boneheaded password policies, google for "password manifesto" (can't post links yet). Actually, if you poke around, you can find 3 different password manifestos, one suggests that $cullyRulz2 is better than Scully rules, too. This is not that one. Another one sugge...

Go to advanced search