Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment: Re:everyone who passed a math class knows (Score 1) 159

by rot26 (#49353597) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say
My reply in the other thread was more detailed, nuanced, explicit, and reasoned. I just couldn't do that twice in one day, it's exhausting. (I did say "lists" in my response.)

When I googled "diceware", and read what was on their site, I didn't really see any mention of the extra lengths you would have to go to to make the method actually secure. It's not a bad idea, it just has some caveats.

Comment: Re:everyone who passed a math class knows (Score 1) 159

by rot26 (#49349417) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say
Unless the diceware lists are not known to the attackers, how is this any better than any collection of 6 bit numbers? And if you're counting on the attackers not knowing about this method, you've degenerated into security by obscurity. What am I missing? And why did some wanker delete essentially this same response from another thread?

Comment: Most Importantly: MAKE SURE BAD GUYS DON'T KNOW (Score 1) 2

by rot26 (#49349103) Attached to: Passphrases You Can Memorize That Even The NSA Can't Guess
Am I missing something here? How does this make the password/phrase any more secure than 5 (ect) 6 bit digits? It depends on the hackers not knowing about the diceware lists, which devolves simply into security by obscurity. Now if the list were different for each person who downloaded it, that would help SOMEWHAT, but this would still by no means be secure.

Somebody point out what I am missing, please.

Never appeal to a man's "better nature." He may not have one. Invoking his self-interest gives you more leverage. -- Lazarus Long

Working...