Comments by "Chaos Corner" (@chaos.corner) on "Ask Leo!" channel.

  1. Yes. This video missed the point completely. Which is odd as it's shown explicitly in the cartoon, with illustrations.
    7
  2. You are not supposed to pick the words. Though any language is fine (adjust for number of words).
    4
  3. The capitalization thing was not part of the original cartoon. It really explains it much better than was done here.
    2
  4. The point in the comic is that user-provided passwords are low entropy and high entropy random character passwords are hard to remember. The words must be chosen at random and provide a high-entropy, easy to remember password.
    1
  5.  @ericapelz260  Also if the device you use the manager on is compromised, someone could access your database and get all your passwords in one go.
    1
  6. He's muddied the waters. You're partway right. You'd need a generator but it would be four 'easily' remembered words. A long string of random characters is very hard to remember. The human generated passwords we end up using are not very secure and often not very easy to remember either. The worst of both worlds.
    1
  7. ?Where did the random letters come from? If from a password generator, fine. If from your head, they're likely less random than you'd think.
    1
  8.  @xwtek3505  Not so obviously. People often think they are more capable of generating randomness than they are. If you are generating your passwords that way and remembering them then I commend you.
    1
  9. You started off well but don't mess with the words. It's supposed to be easy to remember (though you are not supposed to pick the words).
    1
  10. No. Those things make it harder to remember and therefore worse. I suggest looking at the original xkcd cartoon, it's very clear about what it's saying.
    1
  11.  @glorrin  Thing is, you are not supposed to choose the password, that reduces the entropy. People use a lot fewer words than they know and even words you don't know could work if you can remember them (and you know them after that anyway). Again, I recommend reading the cartoon because it really explains it better and fully. (I do have issues with the cartoon but this guy has made a hash of explaining what it's getting at).
    1
  12. Not unbreakable. They are using popular phrases sometimes now. If you're not doing random, you're vastly reducing the entropy of your passphrases.
    1
  13. They are not supposed to produce the words. They are supposed to be randomly generated. They are also not supposed to randomly capitalize words. Also, the comparison is not supposed to be against randomly generated string passwords. I highly recommend reading the original comic.
    1
  14. Books are online these days. It's a low-entropy option and shouldn't be regarded as secure.
    1
  15. Yes. Missed the point of the comic completely.
    1
  16. Many words are more than 5 characters though. But also, the original comic was not talking about random string passwords. This dude misconstrued the point.
    1
  17.  @askleonotenboom  NO NO NO. Reread the comic, Leon.
    1
  18. That's not the point of the comic. 16 random characters are hard to remember so people end up using passwords like 'hunt3r2' which are insecure and easy to brute force. The four words are supposed to be randomly generated and should (in theory) be easily remembered (using mnemonics) with no special characters or misspellings. It's all well explained in the comic.
    1
  19. Unfortunately, this analysis misses the point of that comic.
    1
  20. Reread the comic. You seem to have forgotten the points it made.
    1
  21.  @SmallSpoonBrigade  The comic does not assert that it's more secure than a random string of characters but that it's easier and more secure than the passwords people try to remember.
    1
  22. He's made a real hash of this. Go find the original comic (search for correct horse battery staple) which explains it properly in four panels. It's four easily memorable randomly generated words vs not-really-secure human crafted passwords. (long strings of randomly generated characters generally being too hard to memorize).
    1