Comments by "SmallSpoonBrigade" (@SmallSpoonBrigade) on "How Can Four Random Words Possibly Be More Secure Than 16 Random Characters?" video.
That's a sign of incompetence. The only thing worse is when they have a secret limit and don't bother to tell you about it. I've been hit with that a few times where I set the password, save the password and it won't work because it's doing something weird with the truncation.
3
Switching to Chinese characters is a massive improvement. That's like 20-50k worth of words per character.
1
The answer is that it's weaker security and really only acceptable if you absolutely need to be able to remember it without a password manager. It's less than half the entropy of a random password involving just the alphabet and numbers. The problem is in the notion that there are more words than characters, as that assumes that you know the extra words and somehow that words are more secure than other strings of characters. Which is largely false, you probably don't know more than 10-20k words. And it only takes 4 random characters to exceed the number of possible English words. At just 3 you've already exceeded the vocabulary of any college-educated writer by an order of magnitude. (That's assuming 26 lower case letters, 26 upper case letters and 10 digits; it gets out of hand even more quickly if you allow a few punctuation characters as well.)
1
@askleonotenboom Yes, but I've never really bought into the notion that this really is any better. And it's going to vary widely from language to language. correctHorseBatteryStaple is 50.98 bits worth of entropy; EUf8wfxChNLSDUDjHH5gsyVyD is 138.33 bits of entropy. This is one of the things where Randall screwed things up. It's weaker security and it only really makes any sense if you're trying to remember the password. Which doesn't really make much sense as over the years, I've accumulated hundreds of passwords and in many cases there are mandatory password changes as well.
1