zlacker

[parent] [thread] 4 comments
1. belval+(OP)[view] [source] 2023-08-05 22:50:29
95% means that on average only 1 in 20 keystroke will be wrong. Even if your password is very long (40-60) that means only 2-3 errors. Since more people are not machines their long password will be a combination of words like the famous "horsestaplebatterycorrect" example from xkcd.

Even if you flip a few letters from something like the above a human attacker will easily be able to fix it manually.

"horswstaplevatterucorrect" for example is still intelligible.

replies(1): >>TheCle+31
2. TheCle+31[view] [source] 2023-08-05 23:01:57
>>belval+(OP)
On average 2-3 errors. However the real thing we want to look at is what is my chance of guessing right across ALL characters. For 1 it's 95%, for 2 it's 90.2%, and it gets worse from there. The formula for accuracy would be .95^c where c is the number of characters in the password. So the chance of getting EVERY key correct in a 40 character password is < 13% and < 5% for 60 characters.
replies(3): >>llbean+W6 >>whelp_+D7 >>rightb+9n
◧◩
3. llbean+W6[view] [source] [discussion] 2023-08-05 23:52:46
>>TheCle+31
Right. The comment above is saying even if you are incorrect in 2-5 keystrokes it’s not hard to guess the correct keystrokes if you’re using a sentence style password.

You don’t need to guess every character.

◧◩
4. whelp_+D7[view] [source] [discussion] 2023-08-05 23:57:36
>>TheCle+31
that's pretty high when you can use a computer to run the guesses
◧◩
5. rightb+9n[view] [source] [discussion] 2023-08-06 02:37:45
>>TheCle+31
What if the password is typed twice? You can easely figure it out then.
[go to top]