No, the algorithms are bad as well. Transformed dictionary is hardly any better ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

usrusr on March 4, 2019 | parent | context | favorite | on: The password “ji32k7au4a83” has been seen over a h...

No, the algorithms are bad as well. Transformed dictionary is hardly any better than dictionary if the transformation isn't unique.

All those annoying rules about required character classes are mainly there to prevent dictionary attacks, but "s3cr3t" is not much of an improvement over "secret" ("s4cr5t" would, because it's not the result of a popular transformation).

pishpash on March 4, 2019 [–]

Not much of an improvement, but never worse -- unless the function is not injective. You can't argue with Kolmogorov complexity. If the algorithm is secret and has computational complexity it gets better.

usrusr on March 4, 2019 | [–]

Sure, but we are talking about trivial substitution schemes here. I could have been more specific.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact