undefined | Better HN

0 pointsPhemist10y ago0 comments

So XKCD style correcthorsebatterystaple-esque passwords would fall in no time?

0 comments

5 comments · 2 top-level

lyle_nel10y ago· 3 in thread

Almost yea. In a few hours it manages to find these horse related passwords.

15 strawberryhorse

15 ilovehorses1995

15 ilovehorses1994

15 ilovehorses1234

15 horselover4ever

aidos10y ago

Cool system. For clarity though, those aren't xkcd style passwords. They're words that form a normal pattern. Xkcd requires that the words are randomly generated.

cheshire_cat10y ago

Sorry for going slightly OT but I think more people should know this:

xkcd style passwords are actually called diceware passwords [1], the wikipedia article [2] links to arstechnica that reported in 2014 [3] that the original author upped his recommended diceware password length to at least 6 (random) words.

You can obviously always use a bigger dictionary too (as long as you choose truly random).

[1] http://world.std.com/~reinhold/diceware.html funny enough, chromium doesn't like the ssl versions the site uses "ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION"

[2] https://en.wikipedia.org/wiki/Diceware

[3] http://arstechnica.com/information-technology/2014/03/dicewa...

1 more reply

lyle_nel10y ago

Just to add to that. The program as it currently is rarely finds passwords that consist of more than 3 long words, which can still amount to decently long passwords. I have not tried to give it an english dictionary as a seed population. Maybe it would perform better if I do that.

1 more reply

minitech10y ago

No, the point of that style of password is that you choose the words randomly. Random words are just easier to remember than random characters.

j / k navigate · click thread line to collapse

0 comments

5 comments · 2 top-level

lyle_nel10y ago· 3 in thread

Almost yea. In a few hours it manages to find these horse related passwords.

15 strawberryhorse

15 ilovehorses1995

15 ilovehorses1994

15 ilovehorses1234

15 horselover4ever

aidos10y ago

Cool system. For clarity though, those aren't xkcd style passwords. They're words that form a normal pattern. Xkcd requires that the words are randomly generated.

cheshire_cat10y ago

Sorry for going slightly OT but I think more people should know this:

xkcd style passwords are actually called diceware passwords [1], the wikipedia article [2] links to arstechnica that reported in 2014 [3] that the original author upped his recommended diceware password length to at least 6 (random) words.

You can obviously always use a bigger dictionary too (as long as you choose truly random).

[1] http://world.std.com/~reinhold/diceware.html funny enough, chromium doesn't like the ssl versions the site uses "ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION"

[2] https://en.wikipedia.org/wiki/Diceware

[3] http://arstechnica.com/information-technology/2014/03/dicewa...

1 more reply

lyle_nel10y ago

Just to add to that. The program as it currently is rarely finds passwords that consist of more than 3 long words, which can still amount to decently long passwords. I have not tried to give it an english dictionary as a seed population. Maybe it would perform better if I do that.

1 more reply

minitech10y ago

No, the point of that style of password is that you choose the words randomly. Random words are just easier to remember than random characters.

j / k navigate · click thread line to collapse