hackan | 1 year ago

Do note that 42 bits is way too low for a secure password. You should be targeting something over 77 bits [0], so you would need to combine 2 passphrases. Sounds pretty hard to remember to me :P

Shameless plug: I made a secure* passphrase and password generator in Python [1]

[0] https://www.eff.org/es/deeplinks/2016/07/new-wordlists-rando...

[1] https://github.com/HacKanCuBa/passphrase-py/

ufo|1 year ago

Would a lower complexity be enough, with proper key stretching?

hackan|1 year ago

It depends entirely on your security requirements, but all in all, in broad definitions, 42 bits is not enough. Maybe if key rotation happens fast enough, faster than expected brute force, then, maybe? Again, all up to definitions and context. Let's not forget that this "passphrase generator" is mostly a joke :D
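
To put numbers on the key-stretching question in the exchange above, this added example (not code from any commenter or from passphrase-py) models stretching as a per-guess cost multiplier and compares it with the 42-bit and 77-bit figures in the thread. The 7776-word pool is the size of the EFF long wordlist; PBKDF2-HMAC-SHA256, the iteration counts and all function names are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets

EFF_LONG_WORDLIST_SIZE = 7776  # 6**5 words, one per five-dice roll


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform draws from `pool_size` items."""
    return picks * math.log2(pool_size)


def words_needed(target_bits: float, pool_size: int) -> int:
    """Smallest number of words whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


def stretched_bits(bits: float, iterations: int) -> float:
    """Attacker work in bits when every guess costs `iterations` hash calls."""
    return bits + math.log2(iterations)


def iterations_to_reach(bits: float, target_bits: float) -> int:
    """Iterations per guess needed for stretching alone to close the gap."""
    return math.ceil(2 ** (target_bits - bits))


def generate_passphrase(wordlist: list[str], words: int) -> str:
    """Draw words with the OS CSPRNG; the `random` module must not be used here."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a passphrase with PBKDF2-HMAC-SHA256 (KDF choice is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)


if __name__ == "__main__":
    demo_words = ["alpha", "bravo", "charlie", "delta"]  # constructed, far too small for real use
    phrase = generate_passphrase(demo_words, 6)
    key = derive_key(phrase, secrets.token_bytes(16), 600_000)
    print(f"demo key: {key.hex()[:16]}...")
    print(f"words for 77 bits: {words_needed(77, EFF_LONG_WORDLIST_SIZE)}")
    print(f"42 bits + 2^20 iterations: {stretched_bits(42, 2**20):.0f} bits of work")
    print(f"iterations to lift 42 bits to 77: {iterations_to_reach(42, 77):,}")
```

The last figure is 2^35 hash calls per guess, a cost the legitimate user pays on every unlock as well, while a sixth word from a 7776-word list reaches the same target with no extra unlock time.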

lannisterstark|1 year ago

[deleted]

glitcher|1 year ago

Not a boomer, but age shaming seems unnecessary.

I remember exactly one passphrase - the one to open my password manager. Sure there are other methods, but none of the alternatives work as conveniently on every type of device I need to use.

mdaniel|1 year ago

... which is, itself, unlocked by a passphrase. And, bonus points if one uses Bitwarden since one could think of the insulting unlock passphrase as directed toward their UX team :-D