this post was submitted on 16 Jan 2026
41 points (88.7% liked)

Cybersecurity - Memes

[–] luciferofastora@feddit.org 22 points 1 day ago (1 children)

For today's lucky ten thousand:

And for those who don't know where the "lucky ten thousand" comes from:

[–] Mika@piefed.ca 2 points 1 day ago (2 children)

Wouldn't it be possible to attack with a dictionary?

[–] calcopiritus@lemmy.world 4 points 1 day ago (1 children)

Dictionary attacks usually contain a dictionary of common passwords. To use a dictionary for this, you'd have to use a word dictionary instead of a password one. And then you're back to combinatorics.

4 words, where each word is in the dictionary: N^4. However the N here is way bigger than the amount of ASCII characters. Especially if each of the words may be of a different language. If N is larger than 16384, then it has more combinations than a random 8 ASCII character password. 16384 = sqrt(sqrt(128^8)). Quick Google search says English has more than 1 million words.

Therefore even if you know that the user generated their password using this method and used a dictionary attack tailored for this method, it would still be harder to break than a random 8-character password.

[–] Mika@piefed.ca 1 points 20 hours ago (1 children)

https://internationalenglishtest.com/blog/how-many-words-are-in-the-english-language/

According to recent studies, the average adult native English speaker knows between 20,000 and 35,000 words

I mean sure it might still work, but would make more sense to grasp for some trickier words, like fantasy character names etc.

[–] calcopiritus@lemmy.world 1 points 19 hours ago (1 children)

The thing is to have a program randomly select the words for you. That way the words are not related between them, and you aren't limited by only the words you know.

[–] Afaithfulnihilist@lemmy.dbzer0.com 0 points 32 minutes ago

Random words, one misspelled, occasional symbols.

Correct-horse7battery,stapple

If your password can be brute forced then you're just not trying.

[–] luciferofastora@feddit.org 1 points 22 hours ago

Even if you just tried word combinations of the 1000 most common English words (which for the record, none of those four belong to), you'd have a trillion possible combinations. If you try all the one-, two- and three-word-combinations first because you don't know how many words it's gonna be, you're about a billion guesses in before you even get to the actual solution space. If I mix in words from other languages, or less common words, the combinatorics get even worse, even if you knew what to try in the first place.

According to a word list generated from OpenSubtitles in 2018, staple would be #18878, so you'd have to use something on the size order of the top 20k, which would be an upper boundary of 160 quadrillion, not counting trying less than four words. I don't know what the best order for trying the words would be or how to calculate the rank of that combination within that order, but I'm pretty sure that "a fucking long time" is the most apt descriptor of how long it'd take.

By comparison, the 44-bit entropy the comic mentions is "just" 17 trillion combinations for an upper boundary, or 2048^4. I'd venture a guess and say that that's far below the lower boundary for the other option.
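
The arithmetic discussed in this thread, as an added example that is not part of any comment above: a passphrase generator that lets a CSPRNG pick the words, the word-list size needed to match a random 8-character ASCII password, and a guess-number estimate for a passphrase. Assumptions: the function names and the sample word list are made up for illustration, and the enumeration order (shortest passphrases first, then odometer order over a frequency-ranked list) is one plausible order, not one the thread settles on.

```python
import math
import secrets

def generate_passphrase(wordlist, k=4, sep=" "):
    """Pick k words uniformly at random with a CSPRNG (repeats allowed)."""
    return sep.join(secrets.choice(wordlist) for _ in range(k))

def entropy_bits(n, k):
    """Entropy of k words drawn uniformly from a list of n words."""
    return k * math.log2(n)

def min_wordlist_size(k, alphabet=128, length=8):
    """Smallest N such that N**k >= alphabet**length."""
    target = alphabet ** length
    n = max(1, round(target ** (1.0 / k)))
    while n ** k < target:                       # correct float rounding upward
        n += 1
    while n > 1 and (n - 1) ** k >= target:      # and downward
        n -= 1
    return n

def guess_rank(ranks, n):
    """1-based guess number under the assumed enumeration order.

    ranks: 1-based frequency rank of each chosen word; n: list size tried.
    All passphrases with fewer words are tried first (n + n**2 + ...).
    """
    k = len(ranks)
    shorter = sum(n ** j for j in range(1, k))
    index = 0
    for r in ranks:
        if not 1 <= r <= n:
            raise ValueError("word rank outside the attacker's list")
        index = index * n + (r - 1)
    return shorter + index + 1

if __name__ == "__main__":
    sample_words = ["anchor", "biscuit", "cobalt", "dune", "ember", "fjord"]  # constructed
    print(generate_passphrase(sample_words))
    print(min_wordlist_size(4), entropy_bits(2048, 4), entropy_bits(20000, 4))
    # 18878 is the rank quoted for "staple" above; the other ranks are constructed.
    print(guess_rank([1500, 900, 2500, 18878], 20000))
```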