Make WordPress Core

Context Navigation

← Previous Change
Ticket Comment History
Next Change →

Changes between Initial Version and Version 1 of Ticket #31772, comment 9

Timestamp:: 03/29/2015 09:29:41 PM (11 years ago)
Author:: chriscct7
Comment:

Legend:

: Unmodified
: Added
: Removed
: Modified

Ticket #31772, comment 9

-                      initial
+                      v1
+Repeating values of 0's are perfectly secure if there's alot of them. Let's say I don't know your password, and I have no preconcieved notions of what it could be. I don't know it, but your password is 32 repeating 0's. So how do I figure out your password? Brute force. The entropy required to bruteforce a string where it can contain upper/lower characters, special characters and numbers is incredibly high. Even if I knew your password only contained digits, it would still take me 32 quintillion years using the most powerful commonly accepted publically known brute force algorithims. So it's secure, even if to a user it doesn't seem secure. Repeating characters are only a concern when the number of digits is small or constricted. For example 0000 on an iPhone is insecure because I can brute force it quickly but also I know your password has to be numbers, and there has to be exactly 4 of them (if you use the number pin on older editions), and also 0000 is a common password. If I have no clue what your password length is, particularly when its long, 512 0's is no more secure than this randomly generated 512 character password
+Repeating values of 0's are perfectly secure if there's alot of them.
+Let's say I don't know your password, and I have no preconcieved notions of what it could be. I don't know it, but your password is 32 repeating 0's. So how do I figure out your password? Brute force. The entropy required to bruteforce a string where it can contain upper/lower characters, special characters and numbers is incredibly high.
+Even if I knew your password only contained digits, it would still take me 32 quintillion years using the most powerful commonly accepted publically known brute force algorithims. So it's secure, even if to a user it doesn't seem secure. Repeating characters are only a concern when the number of digits is small or constricted.
+For example 0000 on an iPhone is insecure because I can brute force it quickly but also I know your password has to be numbers, and there has to be exactly 4 of them (if you use the number pin on older editions), and also 0000 is a common password.
+If I have no clue what your password length is, particularly when its long, 512 0's is no more secure than this randomly generated 512 character password
 {{{