this post was submitted on 20 Jul 2024
1627 points (98.7% liked)

linuxmemes

[–] [email protected] 28 points 4 months ago* (last edited 4 months ago) (27 children)

Words are the least secure way to generate a password of a given length because you are limiting your character set to 26, and character N gives you information about the character at position N+1.

The most secure way to generate a password is to uniformly pick bytes from the entire character set using a suitable form of entropy.

Edit: for the dozens of people still feeling the need to reply to me: RSA keys are fixed length, and you don't need to memorize them. Using a dictionary of words to create your own RSA key is intentionally kneecapping the security of the key.

[–] JackbyDev 8 points 4 months ago (6 children)

Good luck remembering random bytes. That infographic is about memorable passwords.

[–] [email protected] 5 points 4 months ago (5 children)
[–] sus 3 points 4 months ago (1 children)

you memorize the password required to decrypt whatever container your RSA key is in. Hopefully.

[–] [email protected] 0 points 4 months ago (1 children)

Sure, but we aren't talking about that.

[–] sus 2 points 4 months ago (1 children)

I think this specific chain of replies is talking about that actually.. though it is a pretty big tangent from the original post

[–] [email protected] 0 points 4 months ago* (last edited 4 months ago) (1 children)

"can you string words to form a valid RSA key"

"Yes this is the most secure way to do it"

"No, it's not when there is a fixed byte length"

-> where we are now

[–] sus 2 points 4 months ago

the direct chain I can see is

"can you string words to form a valid RSA key"

"I would hope so, [xkcd about password strength]"

"words are the least secure way to generate random bytes"

"Good luck remembering random bytes. That infographic is about memorable passwords."

"You memorize your RSA keys?"

so between comments 2 and 3 and 4 I'd say it soundly went past the handcrafted RSA key stuff.
