|
Post by beetlefights on Nov 9, 2016 2:31:45 GMT
Passwords are rarely seemed to be as "Predictable" and "Unpredictable." In this, I will be generally showing examples of some.
One of the most common passwords is just no capitalization and directly on the minimal character limit. This is predictable, especially if the password has something related to you (e.g. your real name).
Encrypted passwords can even be predictable. If you encrypt a password, you have a vulnerability that randomly generated passwords do not have: using the same word to encrypt something. If you encrypt something like your Minecraft name on the Encipher encryption site, this is predictable. This is a big vulnerability in some users. Encryption can be used if you encrypt it securely (e.g. randomly made or certain techniques) however using words similar to something to do with you is predictable.
Randomly generated passwords are only predictable in the way that they will not be easily breached. It is incredibly unlikely for a user to use the same generator and just happen to get the same words as your passwords - essentially impossible.
Summarization? Randomly generated passwords are much less predictable than encrypted passwords and are generally more secure in a way.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Nov 9, 2016 2:33:53 GMT
This is a very informative thread that hasn't been created about fifty times now.
|
|
monkeh
Veteran Member
Posts: 1,371
| Likes: 881
|
Post by monkeh on Nov 9, 2016 2:36:42 GMT
This is a very informative thread that hasn't been created about fifty times now.
|
|
_Windows
Club 4000 Member
Posts: 7,881
| Likes: 9,611
|
Post by _Windows on Nov 9, 2016 2:37:17 GMT
Well, the level of predictability depends on the entropy of the password. Using mixed case, and numbers increases entropy, and that is why doing that is recommended.
|
|
|
Post by beetlefights on Nov 9, 2016 2:37:55 GMT
This is a very informative thread that hasn't been created about fifty times now. I actually never really see it noted that encryption isn't always the best way to go and can be predictable
|
|
_Windows
Club 4000 Member
Posts: 7,881
| Likes: 9,611
|
Post by _Windows on Nov 9, 2016 2:54:44 GMT
This is a very informative thread that hasn't been created about fifty times now. I actually never really see it noted that encryption isn't always the best way to go and can be predictable Encryption when done properly AND combined with steganography techniques to hide the data can be very secure.
|
|
|
Post by Polaris Seltzeris on Nov 9, 2016 3:24:21 GMT
There are so many mistakes on this thread. Encryption is NOT used for passwords, hashing is. Unfortunately a lot of sites don't use proper hashing methods with salt and it leaves passwords vulnerable if the database is leaked. So far, the most secure hash is salted SHA3-512, but unfortunately I can't name one site that uses it. But hashing of any means won't protect against insecure passwords (if your password is password it will be cracked no matter WHAT, that's just how hashing works).
|
|
Jacob474747
Veteran Member
Hello, I'm Jacob ^_^
Posts: 680
| Likes: 267
|
Post by Jacob474747 on Nov 9, 2016 21:44:14 GMT
Having Capital Letters, Numbers, Special Characters are also a very good way to make your password less predictable
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Nov 9, 2016 21:45:34 GMT
Admins are getting breached due to their passwords being something like - Qwerty123 - *Inset username* - abc123 - SuperAdmin123
|
|
Hockey
Club 4000 Member
Posts: 4,537
|
Post by Hockey on Nov 10, 2016 1:53:04 GMT
There are so many mistakes on this thread. Encryption is NOT used for passwords, hashing is. Unfortunately a lot of sites don't use proper hashing methods with salt and it leaves passwords vulnerable if the database is leaked. So far, the most secure hash is salted SHA3-512, but unfortunately I can't name one site that uses it. But hashing of any means won't protect against insecure passwords (if your password is password it will be cracked no matter WHAT, that's just how hashing works). I think what he's trying to say is that simply hashing 'password' and using the result is insecure. It's insecure unless you use a random salt.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Nov 10, 2016 3:03:54 GMT
There are so many mistakes on this thread. Encryption is NOT used for passwords, hashing is. Unfortunately a lot of sites don't use proper hashing methods with salt and it leaves passwords vulnerable if the database is leaked. So far, the most secure hash is salted SHA3-512, but unfortunately I can't name one site that uses it. But hashing of any means won't protect against insecure passwords (if your password is password it will be cracked no matter WHAT, that's just how hashing works). quickhash.comHMAC and SALT are different. However, for our purpose, it's good enough as HMAC still changes the data. Lets take a moment "Cow mooo PhD" Also I think he means a site that uses it for encryption not as a generator
|
|
Gommeh
Veteran Member
dammit ryan and rylie
Posts: 2,744
| Likes: 778
|
Post by Gommeh on Nov 11, 2016 4:54:47 GMT
More info: OFT: Yes Im back beetches!
|
|