316
Please create a non-secure password.
(lemmy.world)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 06 Jan 2025
316 points (94.6% liked)
Mildly Infuriating
35834 readers
854 users here now
Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.
I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!
It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.
Rules:
1. Be Respectful
Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.
Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.
...
2. No Illegal Content
Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.
That means: -No promoting violence/threats against any individuals
-No CSA content or Revenge Porn
-No sharing private/personal information (Doxxing)
...
3. No Spam
Posting the same post, no matter the intent is against the rules.
-If you have posted content, please refrain from re-posting said content within this community.
-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.
-No posting Scams/Advertisements/Phishing Links/IP Grabbers
-No Bots, Bots will be banned from the community.
...
4. No Porn/Explicit
Content
-Do not post explicit content. Lemmy.World is not the instance for NSFW content.
-Do not post Gore or Shock Content.
...
5. No Enciting Harassment,
Brigading, Doxxing or Witch Hunts
-Do not Brigade other Communities
-No calls to action against other communities/users within Lemmy or outside of Lemmy.
-No Witch Hunts against users/communities.
-No content that harasses members within or outside of the community.
...
6. NSFW should be behind NSFW tags.
-Content that is NSFW should be behind NSFW tags.
-Content that might be distressing should be kept behind NSFW tags.
...
7. Content should match the theme of this community.
-Content should be Mildly infuriating.
-At this time we permit content that is infuriating until an infuriating community is made available.
...
8. Reposting of Reddit content is permitted, try to credit the OC.
-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.
...
...
Also check out:
Partnered Communities:
Reach out to LillianVS for inclusion on the sidebar.
All communities included on the sidebar are to be made in compliance with the instance rules.
founded 2 years ago
MODERATORS
Yeah, I'd consider anything less than 20 characters broken. Much too likely that it's contained in a rainbow table, regardless how many special characters you use. Can I remember many 20 character passwords? No, but my password manager can.
That's a big rainbow table. Like, with just precomputed values and random ascii character passwords it's on the order of 10^42^ entries. You can shave that down a bit probably with all the tricks rainbow tables use, but I think you're safe.
Base85 contains just about every printable ASCII character, so I'll use that as a base. 85^16^ ~= 10^31^ -> extremely huge, but still feasible at least for state actors. 85^20^ ~= 10^39^ -> if I read Wolfram Alpha's comparison correctly, that is more information than is believed to be contained in the DNA of all living creatures combined. That's why I'd recommend >= 20 characters.
State actors don't generally need to break passwords. They ask the company "nicely" and they get what they want. The exception would be if that password is being used to encrypt data.
10^31^ is ridiculously huge too. The NSA probably works on EB scales, which is "only" 10^18^ bytes. If you can get up to 10^22^ equally likely passwords you're fine against dragnet, brute force-style attacks. (If you're zombie Bin Laden and the NSA will stop for a whole year cracking your drive, and doesn't have any shortcuts, maybe you need 10^39^ I guess)
That being said, if more characters is no problem, go ahead and do that. I'm not saying more security for free is a bad thing.
I let my password manager create 32 char passwords, that should be enough for a while. But of course then you have websites that throw you a 'your password is too long' message and have you find out by trial and error that they only accept 12 characters.
Or the off-by-one errors where they insist that 24 chars are the max, but in reality they accept 23. Probably never tested the limit.
Or websites that truncate your password after X characters when registering, but not when logging in, so you end up with an incorrect password and good luck finding out which limit the registration page actually uses.