zephyr@lemmy.worldM to linuxmemes@lemmy.world · 2 months ago-----BEGIN PRIVATE KEY-----lemmy.worldimagemessage-square41fedilinkarrow-up1474arrow-down17
arrow-up1467arrow-down1image-----BEGIN PRIVATE KEY-----lemmy.worldzephyr@lemmy.worldM to linuxmemes@lemmy.world · 2 months agomessage-square41fedilink
minus-squareSatyrSack@lemmy.onelinkfedilinkarrow-up6·2 months agoEven if an attacker knew that your password was exactly four words from a specific list of only 2048 common words, that password would still be more secure than something like Tr0ub4dor&3 https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
minus-squareFillicia@sh.itjust.workslinkfedilinkarrow-up1·2 months agoIf the attacker search for your password specifically then xkcd themself posted the reason why it wouldn’t really matter https://www.explainxkcd.com/wiki/index.php/538:_Security If you’re doing blind attemps on a large set of users you’ll aim for the least secured password first, dictionary words and known strings.
Even if an attacker knew that your password was exactly four words from a specific list of only 2048 common words, that password would still be more secure than something like
Tr0ub4dor&3
https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
If the attacker search for your password specifically then xkcd themself posted the reason why it wouldn’t really matter
https://www.explainxkcd.com/wiki/index.php/538:_Security
If you’re doing blind attemps on a large set of users you’ll aim for the least secured password first, dictionary words and known strings.