tuxone | 1 year ago

I just opened the Password app for the first time to look at the generator. It seems like the pattern is: [a-zA-Z0-9]{6}\-[a-zA-Z0-9]{6}\-[a-zA-Z0-9]{6} with exactly only one uppercase char and one digit. I don't want to do the maths but that looks like a lot of removed entropy.

nneonneo|1 year ago

Fully random: 62^18 in that format, or about 107 bits of entropy.

Their approach: ~71 bits per the article (I counted ~73 bits but I’m not using their exact algorithm)

I’d say it’s not too bad. With a good password hashing algorithm you’re looking at nearly 2^100 operations to brute-force their passwords, which isn’t going to be feasible anytime soon. (Even with a crappy hash algorithm it’s still going to be over 2^80 operations.)

And, in this case, that entropy trade-off means the passwords are easier to remember and type in, making it more likely for humans to actually use those passwords.

timabdulla|1 year ago

He mentions the entropy in the article...

tuxone|1 year ago

Right, thanks. So from 160 bits down to 70 bits of entropy (there are also fancy syllables and bad words to take into account).