51

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:
KV> You though read my message before it to consider and do outputs about my professional deformation:
KV> M> and 12 characters now recommended minimum:
KV> Well not now, and in 12th year and in realities of ubiquitous usage for hash coding of passwords of the functions which absolutely for this purpose have been not intended (family MD, SHA, etc.). With usage of the adaptive functions of hash coding (bcrypt, scrypt, PBKDF2, Argon2), 12 characters from the full alphabet will be more, than there is enough and in realities of 2016. Well, it is possible to finish about 16 characters that it was scratched nothing, if suddenly that. But in any way 25

Anything it in that message which I answered is not present. And above on a branch too is not present.

KV> Once again - speech about storage of passwords on the server and volume, whence undertook a minimum lath in 12 characters and why even it is superfluous for the modern approaches to storage of passwords (on servers).

And I argue with it?

KV>>> you consider, what passwords on the server should be stored easier? How?
BFE>> as the user I cannot influence that, as well as the password is stored in what type.
KV> yes. And 12 (a maximum 16) characters now suffices for eyes to level absence of this influence. 25 characters for this purpose are not necessary.

To whom are not necessary? To the paranoiac? The paranoiac cannot strongly sleep if to it to restrict length of the password. To  it has no direct relation.

52

Re: The password in 25 characters is already at all a paranoia

Hello, Stanislaw K, you wrote:
BFE>>>> RjxtnrjdDkflbvbhEi ` kLjvjq
BFE>>>> 25 characters are equal, it is easy to remember and type.
KV>>> you think, compilation of the dictionary with similar "transliteration" occupies a little notable time?
BFE>> it looking at whom. For example, how many it occupies from the English-speaking hacker of time?
SK> 0 seconds, are the basic dictionary entering into a minimum initial dial-up of dictionaries by default.

I do not trust. Someone tries to take search  the password? And in this dictionary there are words "Kochetkov" and "Vladimir"? Show me this dictionary.

53

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:
KV> Ok, it is not difficult to me to repeat: the specific approach offered in specific . I.e. creation of the password with usage as the alphabet of words of English language.

That is the special case from billion is criticized. But washing the critic of a special case from 10 unique-correct managers of the passwords, written by the third (interested?) persons is already a paranoia.

_>> what entropy at good pseudorandom number generators? And why they have a prefix "pseudo"? It about firmness or about a faith in hyperbolic straight lines.
KV> at good - aspires to zero. "Pseudo" - because "aspires", instead of "is equal". However, to what there was this question I did not understand =/

And can therefore "pseudo" that this dial-up of random numbers can be repeated, simply knowing initial conditions. That is any entropy at them too .

_>> There is no it you show that with introduction of new policies, protocols, managers of passwords and , the amount of the passwords merged in the Internet decreased.
KV> well here present that we argue on, whether has the right to life SOLID...
KV> Somehow even it is insulting from similar  Emmas... You seriously want to discredit information security as a science comparing it with  as SOLID, NoSQL and ?

You want to confirm scientific character, show that these yours "entropies as firmness" have what that communication with a reality. Otherwise it is the pure theory in itself. Thus the theory which uses terms from other theory.

_>> It is one of examples (on me silly) trust relationships policies, as the recommendation to have 100 different passwords on 100 sites for what it is necessary to get the manager of passwords.
KV> presently periodic change of passwords does not give any advantages and is present at some  politicians exceptional for the historical reasons. Usage of various passwords on various sites relieves of quite specific problem of a reuse of results of successful attack on one site at attack to another. Is more or less reasonable  a total diversification of passwords: to divide resources into groups on their importance and for resources from the most important groups to use various passwords, and for less important - identical. About such circuits I adhere: From the most important resources I "store" passwords exceptional in a head (but thus they meet requirements to complexity and to randomness), from less important - in  (but on everyone a resource the password), from unimportant - the password same is used or at all I do not store, and I use for an input function "forgot the password".

And what output? From outside that you write looks as: "I that want, I do, but you, mortal, should use that I will tell".

KV>>> Means, it is necessary to make so that breaking of the manager was more difficult than breaking of 10 passwords on 100 sites. Actually, this task in them also dares.
_>> the task dares or these managers of passwords are built in browsers with millions lines of not verified code and synchronized with exterior servers?
KV> And here  the code (also what you imply it)?

The code which is not checked up (and that corresponds to the necessary requirements cannot be checked up because of the size).

_>> because on another it is inconvenient and it is impractical, it is not meaningful.
KV> to Whom as

For some (all these your passwords (with good entropy are more exact for the majority)) is from a category of Russell's teapot. A hint that can  it is necessary be engaged, invent business Occam's razor.

_>>>> Firmness of 10 passwords on 100 sites is a firmness of 10 passwords on 100 sites.
KV>>> Cracked the password on one of a site -> cracked all 1/10 of used sites.
_>> 10 % against 100 % in case of breaking.
KV> here only probability of purposeful breaking of one of 100 sites slightly above probability of purposeful breaking of one application at one user.

We continue talk, using digits and emotionally colored estimate words made up. What it is better, to lose only 10 % at "slightly the higher probability", than 100 % at "slightly the lowest probability"?

54

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:
KV> And 50-symbolical - and for a long time

If you can type it in one stopping without regaining consciousness - yes please!...

<<RSDN@Home 1.1.4 stable SR1 rev. 568>>

55

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:
KV> Opening the manager on phone or a pad and entering the password therefrom hands

Here the password starts to grow  irritation and desire to change or write down on a piece of paper. Among users it is not enough masochists.

KV> Could argue on each point, but I will go some other way: to you it is known though one security measure (any, not is mandatory information) which would not involve either inconveniences, or magnification of expenses of any resources?

Here everyone for itself (himself) should solve, when costs  with protection and when it to you quits more expensively. Long, but  the password from all variants for the person the least inconvenient.

KV> if to increase an amount of words and to use the words which are not entering at least in TOP3000  it becomes impossible, yes. But all same problems, as with storage and usage of traditional passwords get out.

Well why? Classical example about the password "forty thousand monkeys in an ass put a banana" or  a variant "are terrible   " has no same problems....

<<RSDN@Home 1.1.4 stable SR1 rev. 568>>

56

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:
KV> Above answered about the manager on phone or a pad.

 [P, N\kL2, NW) 6+hH c phone strong can only spirit and strong nerves. And after all Aliens among us suggest also to remember it as "[POLYESTER, NUT \Korean LAPTOP Two, NUT WASHINGTON) Six + Hero HERO"!...

<<RSDN@Home 1.1.4 stable SR1 rev. 568>>

57

Re: The password in 25 characters is already at all a paranoia

Hello, B0FEE664, you wrote:
BFE>>>>> RjxtnrjdDkflbvbhEi ` kLjvjq
BFE>>>>> 25 characters are equal, it is easy to remember and type.
KV>>>> you think, compilation of the dictionary with similar "transliteration" occupies a little notable time?
BFE>>> it looking at whom. For example, how many it occupies from the English-speaking hacker of time?
SK>> 0 seconds, are the basic dictionary entering into a minimum initial dial-up of dictionaries by default.
BFE> I do not trust. Someone tries to take search  the password? And in this dictionary there are words "Kochetkov" and "Vladimir"? Show me this dictionary.

The transliteration dictionary. From national alphabets of various codings in a Latin English and it is reverse. The dictionary of names and surnames too exists. And it, suddenly, not so big. And how to use these dictionaries prompts intelligence.

58

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:
KV> Yes. And 12 (a maximum 16) characters now suffices for eyes to level absence of this influence. 25 characters for this purpose are not necessary.

You now remind me  which consider that the password cannot be longer  than characters and rigidly it restrict. The user the password in 100500 characters - on health wants!...

<<RSDN@Home 1.1.4 stable SR1 rev. 568>>

59

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:
KV> Whence undertook n^m?

Well as:  variants **  positions

KV> If words enter into positions in TOP1000 (for example) as capacity it is necessary to take 1000, instead of an amount of all possible words.

So all the same 1000 ** 8 in 4 times more than 28 ** 12...

<<RSDN@Home 1.1.4 stable SR1 rev. 568>>
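
The "variants ** positions" count from this post, combined with the thread's earlier point about fast hashes versus adaptive functions such as PBKDF2, as an added example that is not part of the original thread. The salt, the PBKDF2 iteration count and the single-core guess rate measured on the local machine are assumptions.

```python
import hashlib
import math
import time

SALT = b"constructed-salt"      # constructed sample value
PBKDF2_ITERATIONS = 200_000     # assumed work factor; tune per deployment
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace_bits(variants: int, positions: int) -> float:
    """log2(variants ** positions): size of the search space in bits."""
    return positions * math.log2(variants)

def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR

def fast_hash(password: bytes) -> bytes:
    """Single salted SHA-256: a function not designed for password storage."""
    return hashlib.sha256(SALT + password).digest()

def adaptive_hash(password: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: every guess costs PBKDF2_ITERATIONS HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", password, SALT, PBKDF2_ITERATIONS)

def seconds_per_guess(hash_once, repeats: int) -> float:
    """Average wall-clock cost of checking one candidate on this machine."""
    start = time.perf_counter()
    for i in range(repeats):
        hash_once(b"candidate-%d" % i)
    return (time.perf_counter() - start) / repeats

def compare():
    """Return (scheme, storage function, bits, years) for each combination."""
    schemes = {
        "12 chars, 28-symbol alphabet": keyspace_bits(28, 12),
        "12 chars, 95 printable ASCII": keyspace_bits(95, 12),
        "8 words, 1000-word list": keyspace_bits(1000, 8),
    }
    costs = {
        "sha256": seconds_per_guess(fast_hash, 2000),
        "pbkdf2": seconds_per_guess(adaptive_hash, 3),
    }
    return [(name, kdf, bits, years_to_exhaust(bits, 1.0 / cost))
            for name, bits in schemes.items() for kdf, cost in costs.items()]

if __name__ == "__main__":
    for name, kdf, bits, years in compare():
        print(f"{name:30s} {kdf:7s} {bits:5.1f} bits  {years:.3g} years")
```

The years column scales linearly with the guess rate, so dividing by an assumed hardware speed-up gives the figure for a faster guesser; the bits column does not depend on the storage function at all.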

60

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:
_>> it is true for  phrases gpg - in years necessary for selection ?
KV> And  the phrase gpg just also is run through s2k-function with set number of iterations before to be used as symmetric key.

"In years necessary for selection ?"

61

Re: The password in 25 characters is already at all a paranoia

Hello, kochetkov.vladimir, you wrote:
aik>> here it is interesting To me what clever man and what for (!!!) transferred a subject from humour to wars (which I diligently avoid) beating a branch still there, in humour when it became clear that people without sense of humour began to write there.
KV> in the first message it is written, who transferred, generally. What for - "and to talk?"

(Type I should chase for not clear whom (here it is accepted to do all transfers anonymously) and to catch? I do not track a subject,  I do not receive, editing of old messages generally is fine - result worthless. "And to talk?" - do the subject in the necessary forum and speak, and that branch close. It is not necessary to transfer.

62

Re: The password in 25 characters is already at all a paranoia

_>> What entropy at good pseudorandom number generators? And why they have a prefix "pseudo"?
KV> At good - aspires to zero. "Pseudo" - because "aspires", instead of "is equal".

Emmas, to zero? Rather the reverse? Like when the full order and predictability is a small entropy, and chaos and  - high, or not? It seems, when in /dev/random there is not enough entropy aaplets are locked at attempt to receive  from system.

63

Re: The password in 25 characters is already at all a paranoia

Hello, Stanislaw K, you wrote:
BFE>> I do not trust. Someone tries to take search  the password? And in this dictionary there are words "Kochetkov" and "Vladimir"? Show me this dictionary.
SK> the transliteration dictionary. From national alphabets of various codings in a Latin English and it is reverse.
SK> the dictionary of names and surnames too exists. And it, suddenly, not so big.
SK> and how to use these dictionaries prompts intelligence.

And the intelligence prompts an amount of combinations of four words from these dictionaries? And the intelligence prompts, what it is necessary to check passwords more long 25 characters?

64

Re: The password in 25 characters is already at all a paranoia

Hello, B0FEE664, you wrote:
SK>> and how to use these dictionaries prompts intelligence.
BFE> and the intelligence prompts an amount of combinations of four words from these dictionaries?
BFE> and the intelligence prompts, what it is necessary to check passwords more long 25 characters?

Judging by questions, the answer - is not present.