zephyr@lemmy.worldM to linuxmemes@lemmy.world · 5 months ago-----BEGIN PRIVATE KEY-----lemmy.worldexternal-linkmessage-square42fedilinkarrow-up1495arrow-down17
arrow-up1488arrow-down1external-link-----BEGIN PRIVATE KEY-----lemmy.worldzephyr@lemmy.worldM to linuxmemes@lemmy.world · 5 months agomessage-square42fedilink
minus-squareSatyrSack@lemmy.onelinkfedilinkarrow-up6·5 months agoEven if an attacker knew that your password was exactly four words from a specific list of only 2048 common words, that password would still be more secure than something like Tr0ub4dor&3 https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
minus-squareFillicia@sh.itjust.workslinkfedilinkarrow-up1·5 months agoIf the attacker search for your password specifically then xkcd themself posted the reason why it wouldn’t really matter https://www.explainxkcd.com/wiki/index.php/538:_Security If you’re doing blind attemps on a large set of users you’ll aim for the least secured password first, dictionary words and known strings.
Even if an attacker knew that your password was exactly four words from a specific list of only 2048 common words, that password would still be more secure than something like
Tr0ub4dor&3https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
If the attacker search for your password specifically then xkcd themself posted the reason why it wouldn’t really matter
https://www.explainxkcd.com/wiki/index.php/538:_Security
If you’re doing blind attemps on a large set of users you’ll aim for the least secured password first, dictionary words and known strings.