1. Forum
  2. Usenet
  3. SCI.CRYPT

  • I don't get this RANDOM stuff...?

    From ignoramus@home.com@21:1/5 to All on Thu Apr 24 18:13:08 2025
    I don't understand the need for this random stuff.

    I just made up this somewhat easy to remember passphrase about my
    doggie's bathroom habits.

    My doggiiee poohps 2.3 tyhmes a dahy

    It can be 'hacked' because it isn't "random"?

    Every password checking web site says it would take thousands of
    centuries to hack. What am I missing?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Harnden@21:1/5 to ignoramus@home.com on Sat Apr 26 10:09:57 2025
    On 25/04/2025 00:13, ignoramus@home.com wrote:
    I don't understand the need for this random stuff.

    I just made up this somewhat easy to remember passphrase about my
    doggie's bathroom habits.

    My doggiiee poohps 2.3 tyhmes a dahy

    It can be 'hacked' because it isn't "random"?

    Every password checking web site says it would take thousands of
    centuries to hack. What am I missing?

    I hope that means 2 or 3 times a day, because I don't want to think
    about what a 0.3 means.

    The problem is that it isn't random - once during morning walkies, maybe
    during lunchtime walkies and once during evening walkies - so it'll be
    very predictable and you only get a tiny bit of data evenly spaced out.

    Can you generate thousands of different passphases?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Juergen Nieveler@21:1/5 to ignoramus@home.com on Mon May 5 07:25:54 2025
    ignoramus@home.com wrote:

    I don't understand the need for this random stuff.

    I just made up this somewhat easy to remember passphrase about my
    doggie's bathroom habits.

    My doggiiee poohps 2.3 tyhmes a dahy

    It can be 'hacked' because it isn't "random"?

    Every password checking web site says it would take thousands of
    centuries to hack. What am I missing?

    It's not so much that you'd get hacked because it's not random - but that
    you'd be tempted to use it on multiple services because "Oh, I have a very
    long and secure passphrase".

    Finding your password through brute force would indeed take AGES... as
    long as it's stored securely on the server in the form of a salted hash
    only. But if it's not... then somebody would know the password and could
    try it on all kinds of services to see where else you used it.

    That's why long memorable passphrases should only be used on password
    safes - the one thing where you REALLY shouldn't write down your password
    for, as that's where you store all your other passwords. And THOSE are
    random, because that's much much easier than coming up with hundreds of different phrases...

    Of course that password safe also needs 2FA of some kind just in case THAT password gets found somehow, that goes without saying.

    --
    Juergen Nieveler

    Ceterum censeo NSA esse delendam

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)