| ▲ | ahofmann 13 hours ago |
| I also think it is a good decision.
Nevertheless it breaks the workflow of at least one person. My father's Linux password is one character. I didn't knew this when I supported him over screen sharing methods, because I couldn't see it. He told me, so now I know. But the silent prompt protected that fact.
It is still a good decision, an one character password is useless from a security standpoint. |
|
| ▲ | nextlevelwizard 14 minutes ago | parent | next [-] |
| This has always been an option and your dad can just flip the default back to not show it |
|
| ▲ | airstrike 4 hours ago | parent | prev | next [-] |
| If it breaks the workflow of one person but makes it better for many more, it's likely a worthwhile tradeoff. |
|
| ▲ | wartywhoa23 2 hours ago | parent | prev | next [-] |
| How much would unknown password length protect against bruteforcing a 1 character password? |
|
| ▲ | zx8080 13 hours ago | parent | prev | next [-] |
| > It is still a good decision, an one character password is useless from a security standpoint. Only if length is known. Which is true now. So it opens the gates to try passwords of specific known length. |
| |
| ▲ | ludston 12 hours ago | parent [-] | | If you are brute forcing passwords, knowing the length only reduces the number of passwords to try by like 1 hundredth. | | |
| ▲ | elcritch 12 hours ago | parent | next [-] | | Drats, you're right. I thought it'd be worse, but the ratio seems to only depend on the number of letters in your character set: 1/count(letters in alphabet). For ascii at 95 printable chars you get 0.9894736842. Makes intuitive sense as the "weight" of each digit increases, taking away a digit matters less to the total combos. Maybe I'll start using one Japanese Kanji to confuse would be hackers! They could spend hours trying to brute force it while wondering why they can't crack my one letter password they saw in my terminal prompt. ;) | | |
| ▲ | dhosek 3 hours ago | parent | next [-] | | I’ve occasionally contemplated using some non-ASCII character like • or š in a password, but have backed off for fear of needing access from a device that doesn’t support input of those characters. | |
| ▲ | Obscurity4340 8 hours ago | parent | prev [-] | | Its funny how a single japanese symbol would be harder to crack than the anglicized name for it | | |
| ▲ | LoganDark 4 hours ago | parent [-] | | Do we know if the asterisks count Unicode code points rather than bytes? | | |
| ▲ | Izkata 4 hours ago | parent [-] | | Doesn't really matter, the IME shows the input until you confirm which kanji you want. | | |
| ▲ | LoganDark 3 hours ago | parent [-] | | When the IME inserts the character, it'll be made up of multiple bytes because of the nature of UTF-8, so it may appear as multiple asterisks regardless. |
|
|
|
| |
| ▲ | egeres 12 hours ago | parent | prev [-] | | It also give you the possibility of filtering out which ones are worth cracking and which ones not | | |
| ▲ | elcritch 12 hours ago | parent [-] | | It could also give useful priors for targeted attacks, "Their password is 5 characters, and their daughters name is also 5 characters, let's try variations of that". | | |
| ▲ | justsomehnguy 2 hours ago | parent [-] | | Some system accessible to hackers who can see the length of the password /and/ having a single 5 char password has a security of a key under a doormat. |
|
|
|
|
|
| ▲ | brnt 13 hours ago | parent | prev [-] |
| I may or may not use a single char password on a certain machine. This char may or may not be a single space. It may or may not be used in FDE. It's surprising what (OS installers) this breaks. |
