Hacker News new | ask | show | jobs
by StavrosK 4672 days ago
It doesn't work when the attacker knows you use this scheme, your username and the site's domain. There's no secret in that scheme, therefore it's pretty much the exact definition of security through obscurity. Add a password to it, though, and you pretty much have SuperGenPass.
1 comments
phaemon 4672 days ago
I think you replied to the wrong person here. I'm saying that the passphrase does not rely on security through obscurity. venomsnake's scheme does, though it appears he meant it to be exactly that (ie. an example).
link
StavrosK 4672 days ago
Yeah, that was weird. You are correct in that comment, I posted the entropy equivalents in another comment in this thread (using 5 words is pretty secure).
link