DEV Community

Discussion on: Why Password Length is so Important

Andreas Schnapp • Edited

Hmmm, in my opinion your comparison of the security level against a random password is not correct.

You suggest that a dictionary attack must combine all combinations of the most famous words to find your sentence. So it's a kind of brute force where you are not using characters as the set of symbols but instead the most popular words.

But I'm pretty sure there are more efficient ways to guess your sentence. A sentence is not a random combination of words (in pretty much the same way as a word is not a random combination of characters). So, if you also consider the grammar and the way humans use the same word sequences in a similar way, you will get a far, far better performance for breaking the password.

Maybe such an approach is not state of the art yet (I don't know). But IMO we have the right technology (deep learning) today to break such passphrases in an efficient way.

Edit: Now I have read the xkcd comic again and see that it's all about using random words together in a password. So, this should be safe. It may be a good idea to use a different example password and describe the requirement of randomness for choosing the right words. I guess it's not a trivial task to use random words you are able to remember. But the xkcd gives a really nice example. So, it's a nice alternative to the "normal" password choosing approach.
Thank you for the nice article!

dean

This is a good point. I probably should use random words instead of a simple sentence. I couldn't think of something (as you could probably tell by the sentence I used...). A better idea would've probably been to either take the time to think of one, or to use a generator.

Some generators out there actually make up words that are pronounceable, so you can easily memorize the password while it's not prone to a dictionary attack! It's neat stuff for sure :)
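As an added illustration of the entropy argument in this thread (example code, not from the original post or its author): it computes the bits of a passphrase built from uniformly random words versus a character password, and generates such a passphrase with a CSPRNG. The sample word list and the "about 50 likely words per slot" figure for a grammatical sentence are constructed assumptions for illustration.

```python
import math
import secrets

# Constructed sample word list; a real Diceware-style list has 7776 entries
# (xkcd 936 assumes ~2048 common words, i.e. 11 bits per word).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "river", "candle",
                "orbit", "velvet", "marble", "tundra", "pixel", "falcon"]


def entropy_bits(n_symbols: int, alphabet_size: int) -> float:
    """Entropy of n symbols drawn uniformly and independently from an alphabet.

    Works for characters (alphabet = character set) and for words (alphabet =
    the dictionary the attacker is assumed to know). This only holds when each
    word is an independent, uniformly random pick; a grammatical sentence is
    not, which is why grammar-aware guessing beats plain word brute force.
    """
    if n_symbols < 1 or alphabet_size < 2:
        raise ValueError("need at least one symbol and an alphabet of size >= 2")
    return n_symbols * math.log2(alphabet_size)


def expected_guesses(bits: float) -> float:
    """Average guesses for an attacker who knows the scheme (half the keyspace)."""
    return 2 ** (bits - 1)


def generate_passphrase(wordlist, n_words: int, sep: str = " ") -> str:
    """Pick n_words from wordlist with a CSPRNG (secrets), uniformly and with
    replacement, so the entropy_bits() estimate actually applies."""
    if n_words < 1 or len(wordlist) < 2:
        raise ValueError("need >= 1 word and a list of >= 2 words")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def compare() -> dict:
    """xkcd-style comparison: 4 random words from a 2048-word list vs. an
    8-character password from a 62-character alphanumeric set."""
    return {
        "4 random words / 2048-word list": entropy_bits(4, 2048),  # 44.0 bits
        "8 chars / [A-Za-z0-9]": entropy_bits(8, 62),              # ~47.6 bits
        # Constructed assumption: a grammatical sentence where a language-model
        # style guesser narrows each slot to ~50 likely words.
        "4-word sentence / ~50 likely words per slot": entropy_bits(4, 50),  # ~22.6
    }


if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label}: {bits:.1f} bits, ~{expected_guesses(bits):.3g} guesses on average")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS, 4))
```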