You must log in or register to comment.
this is gold yet I don’t know anyone who would get it that I can share it with
I just shared it with a bunch of people while also telling them that I didn’t care if they didn’t get it and I wasn’t going to explain it.
They’re used to this.
Edit: 2 of them got it. That’s pretty good for me. I’ve played to smaller crowds.
That’s why we come to the internet. Real life people suck.
That’s why I have a sister studying cyber sec 😎
I shared it to the memes group at work, as a developer
If you had to explain it, how would you?
I have exactly one person and they loved it.
Replying to a 10-year-old tweet is a power move in itself.
It’s sad that I can’t find anyone to share this with.
I have literally one friend who would get this, and I try not to bombard him with memes, as I can tell it gets on his nerves sometimes, even when he thinks it’s funny.
I’m in your exact camp.
I share these with friends who might not get it. It’s like a UDP joke
ACK
NAK
␆
As long as you gave your best effort.
Burst a kidney please help
I wonder if you string together enough words can it be a valid key?
I would hope so, sentences and words are some of the most secure passwords/phrases you can use
Words are the least secure way to generate a password of a given length because you are limiting your character set to 26, and character N gives you information about the character at position N+1
The most secure way to generate a password is to uniformly pick bytes from the entire character set using a suitable form of entropy
Edit: for the dozens of people still feeling the need to reply to me: RSA keys are fixed length, and you don’t need to memorize them. Using a dictionary of words to create your own RSA key is intentionally kneecapping the security of the key.
Edit: Oops forgot what the topic was.
-
we are talking about RSA keys - you don’t memorize your RSA keys
-
if you rely on memorizing all your passwords, I assume that means you have ample password reuse, which is a million times worse than using a different less-secure password on every site
Derp. Forgot where I was.
I find passphrases easy to remember and I have several. I appreciate the concern, but I understand basic password safety.
-
Good luck remembering random bytes. That infographic is about memorable passwords.
You memorize your RSA keys?
you memorize the password required to decrypt whatever container your RSA key is in. Hopefully.
so you are saying 44 bits of entropy is not enough. the whole point of the comic is, that 4 words out of a list of 2000 is more secure then some shorter password with leetcode and a number and punctuation at the end. which feels rather intuitive given that 4 words are way easier to remember
While this comic is good for people that do the former or have very short passwords, it often misleads from the fact that humans simply shouldn’t try to remember more than one really good password (for a password manager) and apply proper supplementary techniques like 2FA. One fully random password of enough length will do better than both of these, and it’s not even close. It will take like a week or so of typing it to properly memorize it, but once you do, everything beyond that will all be fully random too, and will be remembered by the password manager.
The part where this falls flat is that using dictionary words is one of the first step in finding unsecured password. Starting with a character by character brute force might land you on a secure password eventually, but going by dictionary and common string is sure to land you on an unsecured password fast.
That’d why words are from the eff long word list and there are 6 words
Even if an attacker knew that your password was exactly four words from a specific list of only 2048 common words, that password would still be more secure than something like
Tr0ub4dor&3https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
No, it would not. 2048 to the power of 4 is significantly less than 60 to the power of 11.
https://www.wolframalpha.com/input?i2d=true&i=Power[2048%2C4]—Power[60%2C11]
That’s true but in practice it wouldn’t take 60^11 tries to break the password. Troubador is not a random string and all of the substitutions are common ( o -> 0, a ->4, etc. ). You could crack this password a lot easier with a basic dictionary + substitution brute force method.
I’m saying this because I had an assignment that showed this in an college cybersecurity class. Part of our lesson on password strength was doing a brute force attack on passwords like the one in the top of the xkcd meme to prove they aren’t secure. Any modern laptop with an i5 or higher can probably brute force this password using something like hashcat if you left it on overnight.
Granted, I probably wouldn’t use the xkcd one either. I’d either want another word or two or maybe a number/symbol in between each word with alternating caps or something like that. Either way it wouldn’t be much harder to remember.
Troubador is not a random string
except it is not troubador. it is troubador, ampersand, digit.
if you know there are exactly two additional characters and you know they are at the end of the string, the first number is really slightly bigger (like 11 times)
once the random appendix is 3 characters or more, the second number wins
and moral of the story is: don’t use xkcd comic, however funny it is, as your guidance to computer security. yes, the comic suggestions are better than having the password on a post-it on your monitor, but this is 21st century ffs, use password wallet.
then someone uses a dictionary attack and your password gets cracked within minutes
see, you didn’t get the whole comic. 4 words out of a dicitionary with 2000 words has more combinations then a single uncommon non gibberish baseword with numeral and puction at the end. as long as the attacker knows your method.
a dicitonary attack will not lower the entropy of 44 bits, thats what the comic is trying to say
It the length not the content for the most part. Some keys have syntax such as leading or trailing characters.
While the joke is funny, what is the context? Why did she post the original tweet in the first place?
It’s lady gaga.
If you’ve followed her at all, even indirectly, this is NOT the weirdest thing she’s done, and bluntly, the weirder stuff wasn’t justified (to the public at least).
I’m not trying to throw shade at Gaga at all. Lady, let your freak flag fly all day long. You don’t need my permission to do it, but if you want it, you got it. Weird isn’t bad, it’s just weird.
IMO, at this point, gaga doesn’t need a reason to be weird.
I don’t follow her at all so thanks for the explanation!
I would not have thought that she knows what a private key is 🙉 humans and their prejudices…
Ohhh, it is the other way around, gaga‘s tweet is older
I genuinely LOL’d at this thank you OP.
