this post was submitted on 20 Jul 2024
1621 points (98.7% liked)
linuxmemes
21103 readers
1614 users here now
Hint: :q!
Sister communities:
- LemmyMemes: Memes
- LemmyShitpost: Anything and everything goes.
- RISA: Star Trek memes and shitposts
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack members of the community for any reason.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
- These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
Please report posts and comments that break these rules!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I would hope so, sentences and words are some of the most secure passwords/phrases you can use
Words are the least secure way to generate a password of a given length because you are limiting your character set to 26, and character N gives you information about the character at position N+1
The most secure way to generate a password is to uniformly pick bytes from the entire character set using a suitable form of entropy
Edit: for the dozens of people still feeling the need to reply to me: RSA keys are fixed length, and you don't need to memorize them. Using a dictionary of words to create your own RSA key is intentionally kneecapping the security of the key.
That's only really true if you're going to be storing the password in a secure vault after randomly generating it; otherwise, it's terrible because 1) nobody will be able to remember it so they'll be writing it down, and 2) it'll be such a pain to type that people will find ways to circumvent it at every possible turn
Pass phrases, even when taken with the idea that it's a limited character set that follows a semi predictable flow, if you look at it in terms of the number of words possible it actually is decently secure, especially if the words used are random and not meaningful to the user. Even limiting yourself to the 1000 most common words in the English language and using 4 words, that's one trillion possible combinations without even accounting for modifying capitalisation, adding a symbol or three, including a short number at the end...
And even with that base set, even if a computer could theoretically try all trillion possibilities quickly, it'll make a ton of noise, get throttled, and likely lock the account out long before it has a chance to try even the tiniest fraction of them
Your way is theoretically more secure, but practically only works for machines or with secure password storage. If it's something a human needs to remember and type themselves, phrases of random words is much more viable and much more likely to be used in a secure fashion.
Most of my passwords are based around strings of characters that are comfortable to type, then committing them to muscle memory. There's a few downsides to this:
If I need to log in to something on mobile and don't have a proper keyboard with me, it's tough to remember which symbols I've used
I share some of my logins with friends and family for certain things, if they call and need to re-enter a password, it's usually impossible to recite it to them over the phone (most of my shared logins have reverted back to proper words and numbers to make it easier for the others)
If I lose an arm, I'll probably have to reset all of my passwords.
But yeah, words alone provide plenty of possibilities. There's a reason cryptocurrency wallets use them for seed phrases.