Sujet : Re: I don't get this RANDOM stuff...?
De : usenet (at) *nospam* nieveler.org (Juergen Nieveler)
Groupes : sci.cryptDate : 05. May 2025, 08:25:54
Autres entêtes
Organisation : Bofh Inc.
Message-ID : <XnsB2D65FC32BD69juergennieveler@nieveler.org>
References : 1
User-Agent : Xnews/5.04.25 Hamster/2.1.0.11
ignoramus@home.com wrote:
I don't understand the need for this random stuff.
I just made up this somewhat easy to remember passphrase about my
doggie's bathroom habits.
My doggiiee poohps 2.3 tyhmes a dahy
It can be 'hacked' because it isn't "random"?
Every password checking web site says it would take thousands of
centuries to hack. What am I missing?
It's not so much that you'd get hacked because it's not random - but that
you'd be tempted to use it on multiple services because "Oh, I have a very
long and secure passphrase".
Finding your password through brute force would indeed take AGES... as
long as it's stored securely on the server in the form of a salted hash
only. But if it's not... then somebody would know the password and could
try it on all kinds of services to see where else you used it.
That's why long memorable passphrases should only be used on password
safes - the one thing where you REALLY shouldn't write down your password
for, as that's where you store all your other passwords. And THOSE are
random, because that's much much easier than coming up with hundreds of
different phrases...
Of course that password safe also needs 2FA of some kind just in case THAT
password gets found somehow, that goes without saying.
-- Juergen NievelerCeterum censeo NSA esse delendam 
Re: I don't get this RANDOM stuff...?
Re: I don't get this RANDOM stuff...?