this post was submitted on 18 Jul 2025
334 points (96.9% liked)

memes

16266 readers
3292 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

founded 2 years ago
MODERATORS
Tenthrow@lemmy.world
The_Picard_Maneuver@lemmy.world
The_Picard_Maneuver@startrek.website
334
Has to be 16 characters, #s, Cap and lower case. (lemmy.world)
submitted 11 hours ago by salty_chief@lemmy.world to c/memes@lemmy.world
84 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] Scipitie@lemmy.dbzer0.com 9 points 6 hours ago (1 children)

There's a xkcd for that of course! Linking directly to the explain as it has more info but the important thing is: password guidelines tricked humans into thinking in a machine way about safe passwords but long pass phrases are more secure from an entropy point of view and way easier to remember!

https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength

[–] LostXOR@fedia.io 0 points 3 hours ago (1 children)

The xkcd-suggested passwords have 44 bits of entropy. Assuming a weak hash like SHA1, a single 4090 could crack such a password in under 10 minutes (source).

My 16 character password, with 70 symbols per character, has log₂70 * 16 ≈ 98 bits of entropy. That corresponds to a cracking time of over 200 billion years with the same parameters.

xkcd's password system is quite terrible for security. Its only advantage is that it's relatively secure for how easy it is to remember. If you're someone who really struggles to remember passwords and would otherwise use something even weaker, go for it, but if you want security then random characters are the way to go.

[–] Scipitie@lemmy.dbzer0.com 3 points 3 hours ago (1 children)

Take a sentence with 200 characters then.

And your opinion is exactly that and doesnt match security research:

For the following you're not the target group but others reading this who might want to make their lifes easier. Just from your way of writing I at least don't expect that minor sources like okta or the NCSC will change your mind.

( article links with high level descriptions and links to their primary sources)

https://www.okta.com/identity-101/password-vs-passphrase/

https://www.4bis.com/passphrase-vs-complicated-passwords-passphrases-are-best/

https://specopssoft.com/blog/passphrase-best-practice-guide/

[–] LostXOR@fedia.io 1 points 3 hours ago

I'm not arguing that random passwords are better for everyone, just that they're most secure for their length. A 9 word passphrase is just as secure as a 16 character random password, but is far longer.

A 4 word xkcd passphrase is more or less equivalent to a 7 character random password, and is secure with xkcd's threat model (online brute force attack) but not with other threat models, like a brute force of a weak hash, which is many orders of magnitude faster.

If you'd like to verify the math:
4 word xkcd passphrase: 2048 (possible words) ^ 4 (number of words) = 44 bits of entropy ≈ 17.6 trillion possibilities.
7 word password: 70 (possible characters) ^ 7 (number of characters) ≈ 42.9 bits of entropy ≈ 8.2 trillion possibilities.
(Adding an eighth character raises the number to 576 trillion).