brent timothy saner via plug on 30 Apr 2022 18:05:50 -0700
Re: [PLUG] Correct Horse Battery Staple
On 4/30/22 17:59, K.S. Bhaskar via plug wrote:
> Horse battery staple is a terrible idea. If you have to remember five
> random sequences of four words each, you can, but if you have to
> remember 20 (most people have logins for at least e-mail, social media,
> banking, etc.) it's questionable whether you can. Horse battery staple
> may be a good idea for a master password for a password manager, but
> that's it; certainly not for a bunch of accounts. Instead of random
> sequences of words, most people will end up using meaningful phrases
> like “Mikey's high school PTO” which have far less entropy.
>
> I remember studies from way back when: while chess grandmasters can
> remember meaningful chess board positions far better than average
> people, when it comes to random chess board positions, they are no
> better than average people. It's the same thing with random phrases vs.
> meaningful phrases.
>
> Regards
> – Bhaskar
>

It's an unpopular stance, but I agree with Bhaskar. And these provide additional insight as to why it's not all it's cracked up to be:

https://fractionalciso.com/correct-horse-battery-staple-review/
https://steemit.com/steemstem/@procrastilearner/correct-horse-battery-staple-is-wrong
https://www.pentestpartners.com/security-blog/correcthorsebatterystaple-isnt-a-good-password-heres-why/
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html

It is important to remember that Randall Munroe is a web cartoonist, physics programmer, and roboticist, not a cryptographer or security expert.

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug