26

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:

KV> That the trust to itself was justified, it is necessary to understand, as well as on the basis of what firmness protection is added. It is obvious that considering the 25-symbolical password the adequate decision, it not quite understand.

On set of factors such password is better....

<<RSDN@Home 1.1.4 stable SR1 rev. 568>>

27

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:

KV> Unless causes questions a level of development of the person who is putting on building of 10 helmets, instead of one?

It is not necessary to declare similar so categorically, the colleague! The password manager it certainly is remarkable and so on but how it to use when the password it is required to enter in EFI boot screen to load system where this manager is inside installed? Or it is the master password to that manager who should be entered on ten-other times in the course of the day? By the way about as soon as it is necessary often - extremely. Besides as already saw - it does not protect from serious children who nevertheless do not want to be shone with a soldering iron. Everyones fingerprint scanners are all the same deceived. Therefore the long password from a phrase which it is possible quickly but it is difficult (with the dictionary or without) has the niche....

<<RSDN@Home 1.1.4 stable SR1 rev. 568>>

28

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:

aik>> https://xkcd.com/936/
KV> https://diogomonica.com/2014/10/11/pass … t-correct/

Here it is interesting to me what clever man and what for (!!!) transferred a subject from humour to wars (which I diligently avoid) beating a branch still there, in humour when it became clear that people without sense of humour began to write there.

29

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:

aik>>>> https://xkcd.com/936/
KV>>> https://diogomonica.com/2014/10/11/pass … t-correct/
BFE>> To advise to use the manager of passwords to the paranoiac with the password in 25 characters? A good joke.
KV> 25 characters are not a paranoia, and . Unless causes questions a level of development of the person who is putting on building of 10 helmets, instead of one?

Well, I do not know. The password, as the password:
RjxtnrjdDkflbvbhEi ` kLjvjq
25 characters are equal, it is easy to remember and type.
It is worse nothing, say, than the password gx ` j
But to peep it at a dial-up much more difficult that in some situations happens important.

30

Re: The password in 25 characters is already at all a paranoia

Hello, fin_81, you wrote:

BFE>> To advise to use the manager of passwords to the paranoiac with the password in 25 characters? A good joke.
_> As you concern to such who uses "the 12-symbolical password with the salt, received by means of PBKDF2/scrypt/bcrypt with made number of iterations"?

As to harmless maniacs with professional deformation.

_> As with such paranoiacs to struggle?

What for with them to struggle?

31

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:

_>> Firmness of 10 passwords on 100 sites is a firmness of 10 passwords on 100 sites.
KV> Cracked the password on one of a site -> cracked all 1/10 of used sites.

Well you still need to learn these 10 sites, and then to pick up and logins to this password.

32

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:

KV> From what? Present realities are that that the 12-symbolical password with the salt, received by means of PBKDF2/scrypt/bcrypt with made number of iterations, will be millions years, is possible hundred thousand. The magnification of length of the password gives exponential growth of time of direct search. Therefore owners of 25 character passwords do not deserve any approval. Here or in either to learn . Or to learn in

It it is true for phrases gpg - in years necessary for selection ?

33

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:

KV> From what? Present realities are that that the 12-symbolical password with the salt, received by means of PBKDF2/scrypt/bcrypt with made number of iterations, will be millions years, is possible hundred thousand. The magnification of length of the password gives exponential growth of time of direct search. Therefore owners of 25 character passwords do not deserve any approval. Here or in either to learn . Or to learn in

Here a counter that conditionally coherent 12 words to remember easier 12 characters. Type of such password "Big white with a draft bare ! ..." . And it to remember than 12 characters much easier. Even if it would be spelling correct phrase, its cryptography forces was more than at 12 the password.

[Math]::Pow(28, 12)      # 2.32218265089212E+17
[Math]::Pow(170000, 8)   # 6.975757441E+41

Plus can be developed simple system for storage, at email servers the tank catches up with a horse, at an account - on the contrary, etc.

34

Re: The password in 25 characters is already at all a paranoia

Hello, B0FEE664, you wrote:

BFE>>> To advise to use the manager of passwords to the paranoiac with the password in 25 characters? A good joke.
KV>> 25 characters are not a paranoia, and . Unless causes questions a level of development of the person who is putting on building of 10 helmets, instead of one?
BFE> Well, I do not know. The password, as the password:
BFE> RjxtnrjdDkflbvbhEi ` kLjvjq
BFE> 25 characters are equal, it is easy to remember and type.
BFE> It is worse nothing, say, than the password gx ` j
BFE> But to peep it at a dial-up much more difficult that in some situations happens important.

Well you yet do not forget about smart phones, where the small screen keypad. You will type 25 signs quickly - , you will slowly type... Easier at once so the password to tell to all associates.

35

Re: The password in 25 characters is already at all a paranoia

Hello, Stanislaw K, you wrote:

SK> Well you yet do not forget about smart phones, where the small screen keypad. You will type 25 signs quickly - , you will slowly type... Easier at once so the password to tell to all associates.

it is equal for this purpose.

36

Re: The password in 25 characters is already at all a paranoia

Hello, fin_81, you wrote:

_> Hello, kochetkov.vladimir, you wrote:
KV>> And I am assured, as in course how in modern managers these narrow and predicted places are leveled. And to crack a human body offers nobody. Here the specific approach offered in specific is criticized.
_> What approach?

Ok, it is not difficult to me to repeat: the specific approach offered in specific . I.e. creation of the password with usage as the alphabet of words of English language.

_> What entropy at good pseudorandom number generators? And why they have a prefix "pseudo"? It about firmness or about a faith in hyperbolic straight lines.

At good - aspires to zero. "Pseudo" - because "aspires", instead of "is equal". However, to what there was this question I did not understand =/

_> There is no it you show that with introduction of new policies, protocols, managers of passwords and , the amount of the passwords merged in the Internet decreased.

Well here present that we argue on, whether has the right to life SOLID, or anemic vs rich, or SQL vs NoSQL, or whether is any pattern an antipattern, etc. You, leaning against the long-term experience in this area, result to me arguments in favor of the point of view, try to explain something, give references to scientific publications and other . And here I declare that it is all and you should confirm the words with experiment, and I also itself should guess - which. Somehow even anybody is insulting from similar

KV>> About monthly change of the password here except you and does not speak
_> It is one of examples (on me silly) trust relationships policies, as the recommendation to have 100 different passwords on 100 sites for what it is necessary to get the manager of passwords.

Presently periodic change of passwords does not give any advantages and is present at some politicians exceptional for the historical reasons.

Usage of various passwords on various sites relieves of quite specific problem of a reuse of results of successful attack on one site at attack to another. Is more or less reasonable a total diversification of passwords: to divide resources into groups on their importance and for resources from the most important groups to use various passwords, and for less important - identical. About such circuits I adhere: From the most important resources I "store" passwords exceptional in a head (but thus they meet requirements to complexity and to randomness), from less important - in (but on everyone a resource the password), from unimportant - the password same is used or at all I do not store, and I use for an input function "forgot the password".

KV>> Means, it is necessary to make so that breaking of the manager was more difficult than breaking of 10 passwords on 100 sites. Actually, this task in them also dares.
_> The task dares or these managers of passwords are built in browsers with millions lines of not verified code and synchronized with exterior servers?

And here the code (also what you imply it)?

_> Because on another it is inconvenient and it is impractical, it is not meaningful.

To whom as

_>>> Firmness of 10 passwords on 100 sites is a firmness of 10 passwords on 100 sites.
KV>> Cracked the password on one of a site -> cracked all 1/10 of used sites.
_> 10 % against 100 % in case of breaking.

Here only probability of purposeful breaking of one of 100 sites slightly above probability of purposeful breaking of one application at one user....

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>

37

Re: The password in 25 characters is already at all a paranoia

Hello, Stanislaw K, you wrote:

SK> Hello, kochetkov.vladimir, you wrote:
KV>> Cracked the password on one of a site -> cracked all 1/10 of used sites.
SK> Well you still need to learn these 10 sites, and then to pick up and logins to this password.

It if breaking is directed on the specific user. In practice it strongly works in other side is more often - the next basis with the next millions passwords of the users flowed away, attacking take from it the accessible information on each user, make of it some kind of the dictionary and the automatic machine one hundred-other the most visited sites under this dictionary. Everything that use, for example, for blackmail (steal and demand for it some total) or depending on character of a resource....

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>

38

Re: The password in 25 characters is already at all a paranoia

Hello, CreatorCray, you wrote:

CC> Hello, kochetkov.vladimir, you wrote:
KV>> That the trust to itself was justified, it is necessary to understand, as well as on the basis of what firmness protection is added. It is obvious that considering the 25-symbolical password the adequate decision, it not quite understand.
CC> On set of factors such password is better.

And 50-symbolical - and for a long time...

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>

39

Re: The password in 25 characters is already at all a paranoia

Hello, B0FEE664, you wrote:

BFE> Hello, fin_81, you wrote:
_>> As you concern to such who uses "the 12-symbolical password with the salt, received by means of PBKDF2/scrypt/bcrypt with made number of iterations"?
BFE> As to harmless maniacs with professional deformation.

Ok, it is not difficult to me to repeat once again: it was a question of passwords of users are stored in what type on the server (because will be by this "type", or online, but it can to be taken at all into consideration speeds). You consider, what passwords on the server should be stored easier? How?...

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>

40

Re: The password in 25 characters is already at all a paranoia

Hello, CreatorCray, you wrote:

CC> It is not necessary to declare similar so categorically, the colleague! The password manager it certainly remarkably and so on but how it to use when the password will agree, got excited
CC> it is required to enter in EFI boot screen to load system where this manager is inside installed?

Opening the manager on phone or a pad and entering the password therefrom hands

CC> Or it is the master password to that manager who should be entered on ten-other times in the course of the day?
CC> By the way about as soon as it is necessary often - extremely. Besides as already saw - it does not protect from serious children who nevertheless do not want to be shone with a soldering iron.
CC> Everyones fingerprint scanners are all the same deceived.

Could argue on each point, but I will go some other way: To you it is known though one security measure (any, not is mandatory information) which would not involve either inconveniences, or magnification of expenses of any resources? Here everyone for itself(himself) should solve, when costs with protection and when it to you quits more expensively.

CC> Therefore the long password from a phrase which it is possible quickly but it is difficult (with the dictionary or without) has the niche.

If the password from 4-5 pure English words entering into dictionary TOP1000 of words of language, it quite for made time. About what there was a speech. If to increase an amount of words and to use the words which are not entering at least in TOP3000 it becomes impossible, yes. But all same problems, as with storage and usage of traditional passwords get out....

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>

41

Re: The password in 25 characters is already at all a paranoia

Hello, B0FEE664, you wrote:

BFE> Well, I do not know. The password, as the password:
BFE> RjxtnrjdDkflbvbhEi ` kLjvjq
BFE> 25 characters are equal, it is easy to remember and type.

You think, compilation of the dictionary with similar "transliteration" occupies a little notable time?...

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>

42

Re: The password in 25 characters is already at all a paranoia

Hello, CreatorCray, you wrote:

CC> Hello, kochetkov.vladimir, you wrote:
KV>> https://diogomonica.com/2014/10/11/pass … t-correct/
CC> * Users do not need password memorization schemes, they need to be incentivized to use a good password manager.
CC> Breaks in a dust a reality - far not everywhere it is possible to use the manager.

Above answered about the manager on phone or a pad....

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>

43

Re: The password in 25 characters is already at all a paranoia

Hello, aik, you wrote:

aik> Hello, kochetkov.vladimir, you wrote:
aik>>> https://xkcd.com/936/
KV>> https://diogomonica.com/2014/10/11/pass … t-correct/
aik> Here it is interesting to me what clever man and what for (!!!) transferred a subject from humour to wars (which I diligently avoid) beating a branch still there, in humour when it became clear that people without sense of humour began to write there.

In the first message it is written, who transferred, generally. What for - "and to talk?" (...

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>

44

Re: The password in 25 characters is already at all a paranoia

Hello, sin_cos, you wrote:

_> Hello, kochetkov.vladimir, you wrote:
KV>> From what? Present realities are that that the 12-symbolical password with the salt, received by means of PBKDF2/scrypt/bcrypt with made number of iterations, will be millions years, is possible hundred thousand. The magnification of length of the password gives exponential growth of time of direct search. Therefore owners of 25 character passwords do not deserve any approval. Here or in either to learn . Or to learn in
_> It it is true for phrases gpg - in years necessary for selection ?

And the phrase gpg just also is run through s2k-function with set number of iterations before to be used as symmetric key....

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>

45

Re: The password in 25 characters is already at all a paranoia

Hello, UberPsychoSvin, you wrote:

UPS> Even if it there would be spelling correct phrase, its cryptography forces was more than at 12 the password.
UPS> [Math]::Pow(28, 12)      # 2.32218265089212E+17
UPS> [Math]::Pow(170000, 8)   # 6.975757441E+41

Whence undertook n^m? The amount of the used words attacking is not known, .. There the binomial coefficient should be. And why as capacity of the dictionary it is taken 170000? In real attacks at first try under hit smart dictionaries, and already then on full (also with the elements arranged on popularity). If words enter in TOP1000 (for example) as capacity it is necessary to take 1000, instead of an amount of all possible words....

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>
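
The search-space arithmetic argued over in the posts above (the n^m figures, and the reply that a TOP1000 word list means n = 1000), as an added Python example that is not part of any post. The two guess rates and the 95-symbol alphabet are assumptions chosen for illustration; all function names are hypothetical.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed attacker speeds (illustrative values, not taken from the thread):
FAST_HASH_RATE = 1e10   # guesses/s against a fast general-purpose hash (MD/SHA family)
SLOW_HASH_RATE = 1e4    # guesses/s against an adaptive hash (bcrypt/scrypt/PBKDF2)


def keyspace(symbols: int, length: int) -> int:
    """n^m: candidates when each of `length` positions is chosen independently
    and uniformly from `symbols` options (letters or dictionary words)."""
    return symbols ** length


def keyspace_up_to(symbols: int, max_length: int) -> int:
    """Candidates when the attacker does not know the length and has to try
    every length from 1 to max_length."""
    return sum(symbols ** k for k in range(1, max_length + 1))


def entropy_bits(space: int) -> float:
    """Size of the search space expressed in bits."""
    return math.log2(space)


def years_to_exhaust(space: int, rate: float) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return space / rate / SECONDS_PER_YEAR


# (label, symbols, length); first and last rows use the figures from the post.
MODELS = [
    ("12 chars, 28-symbol alphabet", 28, 12),
    ("12 chars, 95 printable ASCII (assumed)", 95, 12),
    ("4 words from a TOP1000 list", 1000, 4),
    ("5 words from a TOP1000 list", 1000, 5),
    ("8 words from a 170000-word dictionary", 170000, 8),
]


def compare(models=MODELS):
    """Return (label, bits, years at fast rate, years at slow rate) per model."""
    rows = []
    for label, n, m in models:
        space = keyspace(n, m)
        rows.append((label, entropy_bits(space),
                     years_to_exhaust(space, FAST_HASH_RATE),
                     years_to_exhaust(space, SLOW_HASH_RATE)))
    return rows


if __name__ == "__main__":
    for label, b, fast, slow in compare():
        print(f"{label:40s} {b:6.1f} bits  fast: {fast:9.2e} y  slow: {slow:9.2e} y")
```

The n^m figure only holds when every word really is drawn uniformly from a list of that size; with a 1000-word list, four words come to about 40 bits, below the roughly 58 bits of the 28-symbol, 12-character case.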

46

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:

KV> Ok, it is not difficult to me to repeat once again: it was a question of passwords of users are stored in what type on the server (because will be by this "type", or online, but it can to be taken at all into consideration speeds).

No. It was a question is exceptional of length of the password, instead of about that passwords of users are stored in what type on the server.

KV> You consider, what passwords on the server should be stored easier? How?

As the user I cannot influence that, as well as the password is stored in what type.

47

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:

BFE>> Well, I do not know. The password, as the password:
BFE>> RjxtnrjdDkflbvbhEi ` kLjvjq
BFE>> 25 characters are equal, it is easy to remember and type.
KV> You think, compilation of the dictionary with similar "transliteration" occupies a little notable time?

It looking at whom. For example, how many it occupies from the English-speaking hacker of time?

48

Re: The password in 25 characters is already at all a paranoia

Hello, Stanislaw K, you wrote:

BFE>> But to peep it at a dial-up it is much more difficult that in some situations happens important.
SK> Well you yet do not forget about smart phones, where the small screen keypad. You will type 25 signs quickly - , you will slowly type... Easier at once so the password to tell to all associates.

It is necessary to understand as in this case the manager of passwords helps.

49

Re: The password in 25 characters is already at all a paranoia

Hello, B0FEE664, you wrote:

BFE> Hello, kochetkov.vladimir, you wrote:
KV>> Ok, it is not difficult to me to repeat once again: it was a question of passwords of users are stored in what type on the server (because will be by this "type", or online, but it can to be taken at all into consideration speeds).
BFE> Is not present. It was a question is exceptional of length of the password, instead of about that passwords of users are stored in what type on the server.

You though read my message before it to consider and do outputs about my professional deformation:

M> and 12 characters now recommended minimum:
Well not now, and in 12th year and in realities of ubiquitous usage for hash coding of passwords of the functions which absolutely for this purpose have been not intended (family MD, SHA, etc.). With usage of the adaptive functions of hash coding (bcrypt, scrypt, PBKDF2, Argon2), 12 characters from the full alphabet will be more, than there is enough and in realities of 2016. Well, it is possible to finish about 16 characters that it was scratched nothing, if suddenly that. But in any way 25

Once again - speech about storage of passwords on the server and volume, whence undertook a minimum lath in 12 characters and why even it is superfluous for the modern approaches to storage of passwords (on servers).

KV>> You consider, what passwords on the server should be stored easier? How?
BFE> As the user I cannot influence that, as well as the password is stored in what type.

Yes. And 12 (a maximum 16) characters now suffices for eyes to level absence of this influence. 25 characters for this purpose are not necessary....

<<RSDN@Home 1.0.0 alpha 5 rev. 0>>

50

Re: The password in 25 characters is already at all a paranoia

Hello, B0FEE664, you wrote:

BFE>>> RjxtnrjdDkflbvbhEi ` kLjvjq
BFE>>> 25 characters are equal, it is easy to remember and type.
KV>> You think, compilation of the dictionary with similar "transliteration" occupies a little notable time?
BFE> It looking at whom. For example, how many it occupies from the English-speaking hacker of time?

0 seconds, are the basic dictionary entering into a minimum initial dial-up of dictionaries by default.