Brute force protection - eviltoast

Brute force protection

@memes

  • saigot@lemmy.ca
    link
    fedilink
    arrow-up
    12
    ·
    edit-2
    8 months ago

    Dictionary attacks have been around for a long time, but It’s still quite strong especially if you throw in a number.

    A fully random 8 character password has about 10^14 brute force combinations (assuming upper and lower case + the normal special characters). 4 words choosen at random from the top 3000 words (which is a very small vocabulary really) is 10^13 dictionary attack combinations, add a single number or account for variations in word style (I.e maybe don’t always use camel case) and you’ve matched the difficulty. If you use 5 words it’s 10^17 combinations.

    A password manager and a hard password is a better idea but there are cases where you can’t use a password manager (like the password to said manager).

    • Rickety Thudds@lemmy.ca
      link
      fedilink
      English
      arrow-up
      4
      ·
      8 months ago

      I’m a basic little shit so, I basically use a correct horse + number password for my PW manager

    • sloppy_diffuser@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      I do a passphrase like the comic followed by 56 characters of gibberish using an https://onlykey.io/ (acts as a USB keyboard) that has a 10 digit pin (6 characters to choose from) and a kill switch pin (if I were ever forced to unlock it). I use this method for my disk encryption, main account login, and password manager.

      I also use a https://www.themooltipass.com/ for vendor diversity (4 digit pin but all hex characters). I prefer the onlykey.

      I rotate the gibberish monthly and the passphrase 2-3 times a year.

      Once a year I change up the pin codes.

      I figure that gives me enough entropy from brute force on all my systems with a balanced level of convienence and security. I literally don’t know a single one of my passwords.