How many bits of entropy are required at minimum to be uncrackable in 2023?
is it really an issue if the service requires 2FA?
2FA is just an excuse for every single company to have your phone number in the event the feds need to track you down.
Or just do this like a nonretard
https://www.linux.org/threads/in-depth-tutorial-how-to-set-up-2fa-totp-with-keepassxc-aegis-and-authy.36577/
...Or you can set up your mail to receive the 2FA you dumb dumb.
most woke shit doesn't allow free emails. I can't send a cock li email to anyone with a standard email account. it doesn't even show up in spam.
>I can't send a cock li email to anyone with a standard email account. it doesn't even show up in spam.
How's that?
SMS is widely known to be the least secure method of 2FA. Real niggas use a FOSS authenticator app & back up their OTPs regularly.
That chart doesn't even make sense. Is brute force against a server? What server would allow an infinite amount of unsuccessful login attempts in such a short time?
2FA? Which server with even the slightest capability to integrate 2FA would not be able to handle a simple brute force?
>What server would allow an infinite amount of unsuccessful login attempts in such a short time?
Loads of servers do, sadly.
And why would anyone in their right mind keep such a confidential password in a poor service?
They don't advertise they're a shit service so you don't know until after it's compromised
I'll say more, it's a non-issue if the service has a wrong password cooldown.
very ambiguous, it depends very much on the encryption that the server uses to encrypt the user's password.
If the server does not encrypt the password, up to INT_MAX characters is instantaneous.
Use a fucking nonsensical long phrase. Easy to remember for humans, difficult to try for a computer.
Those security guides propose passwords that are difficult for the human but easy for the machine
Brute force programs can do phrases now.
Stick to
you can do more randomized words, it would be way more difficult for a dictionary attack and would be always easier to remember
this
but longer, and maybe add a question and an answer or talk about numbers
like:
How did Alex go? He ride a rock, at 18km/h underwater.
53ch, 220bits, or 11 words with 3 caps, 2 numbers and 3 special characters. How difficult would it be for a dictionary attack to crunch?
You can change letters for numbers or other shit like random caps for extra security. Or don't use grammar at all
You want to avoid using sentences at all unless you want to type a paragraph. The whole point of diceware is that it's random and the math checks out even if the attacker knows your dictionary list
Instead just mix in foreign words (romanized Chinese) or better yet obscure fantasy/sci-fi words
I was simplifying.
I mix several of the languages I know, and I take care that I use the non-English characters as much as possible.
Then again we shouldn't care that much unless we as individuals are interesting targets or normies get close to our safety levels.
If 95% of passwords can be bruteforced in like 30mins and yours takes 10 hours, you'll probably be safe. This is real life, your house doesn't need to be supersafe, it just needs to look more difficult to steal from than your neighbors'
20+ randomised characters, including numbers, letters and special characters.
Each password should be different from the last - completely different.
passwords are dead, passphrases are better
That is like 30 years old, 44 bits of entropy is not nearly enough
Any script kiddy with a gaming pc could crack that
yeah no shit. But it's an example
>Dictionary attack
>"Yeah mate just write a short story for every site you use"
Also sites like paypal allow a max of 20 chars
>max 20 chars
Do e-paynaggers really?
I protect myself from dictionary attacks by using a funny typo of a japanese untranslated Visual Novel game character that I like in my passphrase. Don't think any dictionary will contain that.
a lot of cracking dictionaries are built from actual password databases. If you've used it on a site that had a leak, and it wasn't properly salted, it could be in a database.
>all these posts
>still no xkcd
Zoomer hours
I always heard that rainbow tables can fuck you up but I never found proof of this.
if you're cracking a hash, and they're not salted yeah they can fuck you up
Those are more relevant if your users table gets leaked.
Pic related is also relevant.
>drug him
this chart was really made by a person without any sense of reality
people on drugs feel less pain and are more encouraged
do you think that most armed robbers go to work "sane"? no, most are drugged, precisely to ease the pain of a possible bullet inside his chest
>he's never heard of truth serum
Doesn’t even take that. Give him 100mg of molly and ask nicely. Cost: $15
he's not wrong, you either use drugs OR beat him up, depending if it's an important person or not, you don't use both
t. crime movies are not a reliable source
name 3 drugs
just don't pick those drugs. Something to give em paranoia and anxiety like a hallucinogenic.
>use a password that's so long it doesn't fit in the attacker's RAM
checkmate.
now I'm safe as long as my PC has more ram than other people.
SWAP is a thing, cuckold.
>put my page file in Google Drive (5000TB storage)
checkmate
How are you going to input the password, pig?
Over 9000
It's not just about the password itself but also about the key derivation method. With something like Argon2 the password itself doesn't matter so much.
>entropy
Stop using words that you don't even know what they mean.
It's not a matter of being cracked now. Communication and data are not ephemeral.
They are constantly getting saved.
It's about being uncrackable in 2123
>How hackable is your password
>Big Tech(github, twitter, select facebook accounts...): Plaintext passwords
>instantly
>Encrypted disk
>wrench
>instantly
>Password with hash and salt
>Hacked personal device
>instantly
did they include PBKDF2 in their calculations?
so, that's the time it takes to brute force in a perfect world. but it's almost never that exact situation. any application worth its weight will rate limit you, so the real time is actually much, much longer.
correct it's offline cracking but don't pretend it doesn't happen, it often does and most companies are still using MD5 or SHA1 for hashes for no good reason
and that's if you can get a dump of the db. but i mean at that point your application is already beyond gone
explain what i said is retarded
Retard
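Added example, not part of the thread: the entropy arithmetic behind the diceware, 44-bit and "20+ randomised characters" posts, combined with the point about key derivation and offline cracking. The two guess rates are assumed illustrative figures, the 2048-word list is an assumed reading of the 44-bit figure, and the formula only holds for uniformly random picks, not for sentences a person composes.

```python
import math

DICEWARE_WORDS = 7776          # 6**5, size of the standard diceware list
PRINTABLE_ASCII = 94           # letters, digits and symbols, no space
SECONDS_PER_YEAR = 31_557_600  # 365.25 days

# Assumed attacker speeds (illustrative values, not measurements):
FAST_HASH_RATE = 1e10          # guesses/s against a leaked, fast unsalted hash
SLOW_KDF_RATE = 1e3            # guesses/s against a memory-hard KDF


def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent, uniformly random choices from a pool."""
    return picks * math.log2(pool_size)


def picks_needed(target_bits, pool_size):
    """Smallest number of random picks that reaches at least target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))


def expected_seconds(bits, guesses_per_second):
    """Average offline search time: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second


def report():
    """Return (label, bits, years vs fast hash, years vs slow KDF) rows."""
    cases = [
        ("4 words from 2048", entropy_bits(2048, 4)),
        ("6 diceware words", entropy_bits(DICEWARE_WORDS, 6)),
        ("20 random printable chars", entropy_bits(PRINTABLE_ASCII, 20)),
    ]
    rows = []
    for label, bits in cases:
        fast = expected_seconds(bits, FAST_HASH_RATE) / SECONDS_PER_YEAR
        slow = expected_seconds(bits, SLOW_KDF_RATE) / SECONDS_PER_YEAR
        rows.append((label, round(bits, 1), fast, slow))
    return rows


if __name__ == "__main__":
    for label, bits, fast, slow in report():
        print(f"{label:27} {bits:6.1f} bits  "
              f"fast hash: {fast:.3g} y  slow KDF: {slow:.3g} y")
```

Under these assumed rates the 44-bit passphrase falls in minutes against a fast hash but takes centuries against the slow KDF, which is why the storage scheme matters as much as the passphrase.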