by macchi
491 days ago
This never made sense to me, assuming that using common words is more secure than random characters. To a computer it doesn’t matter if you’re using random characters or a group of words, it’s all a matter of guessing from a pool of characters. So “energic bicycle stamp” is less safe than “3nerg1c bicycll3 st4mp!” because the latter uses a larger pool of characters than the former.

You could imagine two different passwords machine generated with the same entropy under plausible selection schemes: some w$#J8fe keysplat or the selection of 5 words from a dictionary of common words. Both would be equally secure against a password guessing attacker, but the common word one would be easier for most people to remember.
If you held memorability constant, the character-splat password would be less secure.
You could imagine a hybrid, but the one you demonstrate is the kind that humans construct on their own where some characters are replaced with lookalike symbols; these sorts of ad hoc schemes are well modeled by replacement rulesets and Markov-model password guessing algorithms and don't tend to add a ton of entropy. They do hurt memorability a fair bit and the better done (from a security perspective) the worse the hit on memorability.
The comic's author would probably argue just adding an extra word is better from a security and memorability perspective, or at least I argue that. :)
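
An added example, not part of either comment above: a small strength estimator that puts numbers on the thread's claims by comparing uniformly generated passwords and passphrases with the bits a lookalike-substitution ruleset can add. The 7776-word list size (Diceware-style), the 94-symbol printable ASCII pool, the `LEET` ruleset and all function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed ruleset (assumption): lookalike symbols a person might swap in.
LEET = {"a": "4@", "e": "3", "i": "1!", "l": "1", "o": "0", "s": "5$", "t": "7"}

def uniform_bits(pool_size, picks):
    """Entropy of `picks` independent uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)

def leet_variant_bits(phrase, rules=LEET):
    """Upper bound on bits added when each character may keep its form or take
    one of its lookalikes. Human choices are not uniform, so real gain is lower."""
    variants = 1
    for ch in phrase.lower():
        variants *= 1 + len(rules.get(ch, ""))
    return math.log2(variants)

def words_needed(target_bits, wordlist_size):
    """Smallest number of uniformly chosen words reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(wordlist, n_words):
    """Machine-generated passphrase: uniform picks from a CSPRNG, not human choice."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

if __name__ == "__main__":
    words = 7776   # assumed wordlist size
    chars = 94     # printable ASCII without space
    print(f"5 words from {words}:     {uniform_bits(words, 5):.1f} bits")
    print(f"10 random chars from {chars}: {uniform_bits(chars, 10):.1f} bits")
    print(f"words to match 12 random chars: "
          f"{words_needed(uniform_bits(chars, 12), words)}")
    phrase = "energic bicycle stamp"
    print(f"lookalike swaps on '{phrase}': at most "
          f"{leet_variant_bits(phrase):.1f} bits")
    print(f"one extra word:               {uniform_bits(words, 1):.1f} bits")
    # Constructed eight-word list, only to show the generator running.
    demo = ["amber", "bicycle", "cactus", "delta", "ember", "fossil", "garnet", "harbor"]
    print("sample:", generate_passphrase(demo, 5))
```

Under these assumptions the substitutions on the three-word phrase add at most about 11.3 bits, less than the roughly 12.9 bits from appending one more uniformly chosen word.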