• bjorney@lemmy.ca
    ↑ 4 · 4 months ago

    Words are the least secure way to generate a password of a given length because you are limiting your character set to 26, and character N gives you information about the character at position N+1

    The most secure way to generate a password is to uniformly pick bytes from the entire character set using a suitable form of entropy

    Edit: for the dozens of people still feeling the need to reply to me: RSA keys are fixed length, and you don’t need to memorize them. Using a dictionary of words to create your own RSA key is intentionally kneecapping the security of the key.

      • bjorney@lemmy.ca
        ↑ 0 · 4 months ago
        1. we are talking about RSA keys - you don’t memorize your RSA keys

        2. if you rely on memorizing all your passwords, I assume that means you have ample password reuse, which is a million times worse than using a different less-secure password on every site

        • prole@lemmy.blahaj.zone
          ↑ 1 · 4 months ago

          Derp. Forgot where I was.

          I find passphrases easy to remember and I have several. I appreciate the concern, but I understand basic password safety.

    • shrugs@lemmy.world
      ↑ 0 · ↓ 1 · 4 months ago

      so you are saying 44 bits of entropy is not enough. the whole point of the comic is, that 4 words out of a list of 2000 is more secure than some shorter password with leetcode and a number and punctuation at the end. which feels rather intuitive given that 4 words are way easier to remember
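
The figures argued over in this thread, worked through as an added example that is not part of any comment above: it generates a 4-word passphrase and a uniformly random password from the OS CSPRNG and reports the entropy of each and the entropy per typed character. The 2000-entry word list is a constructed stand-in for a real list, and all function names are hypothetical.

```python
import math
import secrets
import string

# Constructed stand-in for a real word list: 2000 pronounceable 4-letter tokens.
_SYLLABLES = [c + v for c in "bdfgklmnprstvz" for v in "aeiou"]
WORDS = [a + b for a in _SYLLABLES for b in _SYLLABLES][:2000]
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def uniform_bits(choices: int, picks: int) -> float:
    """Entropy in bits of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def length_for_bits(alphabet_size: int, bits: float) -> int:
    """Shortest uniformly random string over the alphabet reaching at least `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


def make_passphrase(n_words: int = 4, words=WORDS) -> str:
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    return "-".join(secrets.choice(words) for _ in range(n_words))


def make_password(length: int, alphabet: str = ALPHABET) -> str:
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare(n_words: int = 4) -> dict:
    """Passphrase vs. the random password of matching strength."""
    phrase = make_passphrase(n_words)
    bits = uniform_bits(len(WORDS), n_words)
    pw_len = length_for_bits(len(ALPHABET), bits)
    return {
        "passphrase": phrase,
        "passphrase_bits": bits,
        "passphrase_bits_per_char": bits / len(phrase),
        "password": make_password(pw_len),
        "password_len_for_same_bits": pw_len,
        "password_bits": uniform_bits(len(ALPHABET), pw_len),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key:28} {value}")
```

The entropy figures hold only when every word or character is drawn uniformly and independently, which is why the generators use `secrets` rather than human choice.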