Old 02-08-2016, 11:38 AM   #12
eschwartz
Ex-Helpdesk Junkie
Yes, I know that one, and it's kind of silly the way dictionary attacks make those far easier than they look (to people who don't realize it is a comic).

I think most people don't realize what Randall was actually saying. People are lousy at generating entropy, but they still think they can do it -- so they do.

Given a string of x length, generated by either correct horse battery staple (CHBS) or pseudorandom characters (`strings /dev/urandom`), pseudorandom always wins.
You can pack a lot more entropy into smaller space. And your password manager is remembering it anyway.

But people being people, who tend to write things down on post-it-notes, the webcomic-not-security-analysis is making the point that you will be better served by CHBS than by exchanging "a" --> "@" ad nauseam.
Of course there are other rules too, chiefly the adage about the bear.
Also the one about (not) using MD5.
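The length-for-length comparison from the post above, worked through as an added example that is not part of the original post. It assumes a 2048-word list (11 bits per word, the figure the comic uses) and a 94-symbol printable ASCII alphabet; all function names are hypothetical.

```python
import math
import secrets
import string

# Assumptions (not from the post): 2048-word list, 94 printable ASCII symbols.
WORDLIST_SIZE = 2048
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def passphrase_bits(n_words, wordlist_size=WORDLIST_SIZE):
    """Entropy of n words drawn uniformly and independently from the list."""
    return n_words * math.log2(wordlist_size)

def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of `length` symbols drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)

def chars_needed(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest random string that reaches at least `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def random_password(length):
    """Generate a password with the OS CSPRNG (same source as /dev/urandom)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def compare(phrase, n_words):
    """Compare a word-based passphrase with random characters of equal length.

    Entropy is a property of how the secret was generated, not of the
    string itself, so `phrase` only supplies the length being compared.
    """
    length = len(phrase)
    return {
        "length": length,
        # What the phrase looks like if scored as random lowercase + space.
        "naive_char_bits": length * math.log2(27),
        # What an attacker who knows the scheme actually has to search.
        "passphrase_bits": passphrase_bits(n_words),
        # Random printable characters filling the same number of positions.
        "random_bits_same_length": random_bits(length),
        # Random characters needed to match the passphrase's entropy.
        "random_chars_to_match": chars_needed(passphrase_bits(n_words)),
    }

if __name__ == "__main__":
    for key, value in compare("correct horse battery staple", 4).items():
        print(f"{key}: {value}")
    print("example 7-char random password:", random_password(7))
```
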