Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The XKCD criticism of the 'bad' password has the same problems. How does the hacker know I have this kind of password (starting with a real english word, for example)?


No, it doesn't have the same problem.

It criticizes a particular way to choose passwords, leading to a result that seems 'secure' and even quite good to lots of people. One that easily satisfies braindead corporate password rules.

The entropy given there is based on that way to choose a password and even explained, graphically.

If you choose your password totally different and from different sets of characters, then the number will be off. That's not a surprise though?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: