Why it's ridiculously dumb having a 100% random password

Topic: Why it's ridiculously dumb having a 100% random password (Read 8106 times) previous topic - next topic

0 Members and 6 Guests are viewing this topic.

Re: Why it's ridiculously dumb having a 100% random password

Reply #45 – 01 January 2023, 03:20:54

I'm not getting into cryptography, there is a total different accent meaning cryptography has to keep safe the secret so can't be reversed. In cryptography there's not only randomness involved there are other mathematical operations and so that is a different topic.

Other than that it doesn't mean cryptography that relies to much on randumbness (let's call it dumbness for a while) isn't weaker than others that do not rely that much. I'm not covering that cryptography part even if clearly this topic has huge implications. But on this I would add, have you ever heard about a bitcoin mnemonic phrase that repeats 2/3 or more times the same dictionary word? And I will leave it there in the cryptographers yard the ball is in their tennis court.

@gripped yeah we overly supra-estimated what random things can do and guarantee they can't do a lot of things but give a fake sense of security. Why the heck we expect randomness be that good?

True randomness 😏, common man we fetishized too much that thing let's get over it. And why we never try to connect some dots knowing so many hacks are presented day by day. Well maybe it's because they overly supra-estimated random generators who knows? It's enough for the hacker to try a smelly 'floating' pattern ..

Random non random, can you tell the difference? This true randomness seeking stuff is another fiasco in this field

ddk
eej

Can anyone tell which one is random and which I pulled out of my mood? And if anyone can, let him explain what kind of 'medicinal cocaine' he uses..

And because longer strings same we can't tell if are random or not just by looking at them nor any other methods it simply means the random-security idea is altogether a made-up idea without any mathematically base. The only hint we have is when we have a bunch of rep. which may suggest it's random, but anyone can take it's pattern and write one from the top of the head that it's in the same league (same pattern) so still we could not make any difference between those two. Btw the first one ddk is random generated the second pulled out of my inspiration just for the record even if doesn't matter at all.

In the coming days i'm gonna be showing exactly why a 63 length random gen are literally garbage sold by let's call them fortune tellers. One thing I can add, like you crank left right an old radio button you can literally crank password strength from the weakest to the toughest, it's just like a spectrum that it's mainly defined by the size length and total chars number.

Random things look better in nature but not in passwords. I'm having a theory related to gravity being tightly linked with entropy but i'm not alone on that one. In a way you can look at a planet like a 'random' system where it's particles spawn similar patterns that make them hold together but that's already Science Fiction.

Btw 🥂Happy new year everybody!!!

Re: Why it's ridiculously dumb having a 100% random password

Reply #46 – 01 January 2023, 03:55:47

Happy new year to you too.

Re: Why it's ridiculously dumb having a 100% random password

Reply #47 – 02 January 2023, 18:52:22

Quote from: Surf3r – on 31 December 2022, 20:55:24

That jazz or voodoo you keep saying doesn't hold any mathematical rationale. Doesn't matter you hide ...

I have not repeated myself at all, but have added to my second post.

Hiding something? On the contrary, I merely wanted to make visible the patterns you keep describing.

Re: Why it's ridiculously dumb having a 100% random password

Reply #48 – 04 January 2023, 10:15:50

I remember I've read about hardened-kernel having: Heap randomization test (PIE) : 40 quality bits (guessed)

Now I don't know exactly what that means but what I do know is that 40 bits of entropy it's a pretty low number, basically equivalates with ~ 6 length random gen string out of 94 total. But knowing computers uses only 0 and 1 (bits) has to be 40 digit long string of ones and zeroes. 2^40 which is roughly 1000 billions. Now if I would apply 'my' standard, the biggest pattern would be that where we have equal amounts of 0 and equal amounts of 1 => 20 zeroes and 20 ones those strings that repeat more ones or zeroes would be drastically fewer by case.

i.e 1111111111111111111111111111111111110000 this kind of patterns are fewer than
1111111111111111111100000000000000000000 this kind of pattern string (that would be LSP brought down in the kernel)

Because some are fewer therefor are more easily guessable meaning our security is let at the random mercy.

So you can get hacked or not depending how lucky you are and how misfortune a hacker has to be, and that my friends I for one can't call that security. A hacker has to have the least possible chance using our brains not letting randomness do black magic security. So we have to increase the odds in our favor.

So to reduce the luck of a hacker and increase the luck of the user would be perfectly fine to instruct kernels to spawn strings in the LSP range an not in dumbness range making a hacker guess things in memory or whatever he's been doing, much much harder and make him rage quit.

The other imbalanced strings will simply form more mirrored useless permutations than the other more balanced increasing security

I'm not an expert in cybersecurity so anyone more knowledgeable in this field has to apply his own corrections to the above claims.

EDIT: equivalates with ~ 6 length not 3

Re: Why it's ridiculously dumb having a 100% random password

Reply #49 – 04 January 2023, 15:58:36

Quote from: Surf3r – on 04 January 2023, 10:15:50

Now I don't know exactly what ...

Computers work with knowledge, not because you believe in them.

I'm really curious if before my lifetime ends you will write a post that will make any sense without "hackers" and "patterns".

Re: Why it's ridiculously dumb having a 100% random password

Reply #50 – 04 January 2023, 17:40:48

When you go to the supermarket, are you choosing your food randomly? And if yes how you cook them? Randomly? And if yes, how you eat them? Randomly?

We need a new concept of securing things with THE BEST EFFORT philosophy not with BEST RANDOMNESS EFFORT, we do not want the best randomness we want best security. There's no better or worse RANDOMNESS. A phenomena is or is not RANDOM. Comparing different kinds of RANDOMNESS it's a pretty lame science if you ask me. How do you compare them? All random things obey to the same probabilistic laws therefor can not be a better or worse randomness.

And on the contrary, Security works best with worse RANDOMNESS meaning we target the biggest pile of variants each and every single time to blend our jazz as best we can.

Choosing from '1.5 million beds' still not better if your butt pops out underneath, cos you just choose billion times smaller/tiny bed that lets your ass be seen easily, while choosing the biggest bed under where your rear end not gonna be seen but billion/trillion/gillion times harder, you'll be much safer there. So you see my friend you run for the wrong rabbit, we don't care if it's random or not, we care cos it's SECURE and it's more SECURE cos we can calculate it with high accuracy. RANDOM is one thing and SECURITY totally different thing. That's why we have two separate words so we can distinguish them while you say those are the same.

It's not and will never be

😏

Quote from: lq – on 04 January 2023, 15:58:36

.....make any sense without "hackers" and "patterns".

PS: almost forgot, hackers and patterns so you'll have a tiny satisfaction 🫡

Re: Why it's ridiculously dumb having a 100% random password

Reply #51 – 05 January 2023, 09:53:41

Quote from: Surf3r – on 04 January 2023, 17:40:48

When you go to the supermarket, are you choosing your food randomly? And if yes how you cook them? Randomly? And if yes, how you eat them? Randomly?

We need a new concept of securing ...

I don't see any difference between preparing food as a cook and computer system maintenance as an admin.

Both (the cook and the admin) have very effective means of keeping unauthorised butt-faces out of their areas of responsibility.

Re: Why it's ridiculously dumb having a 100% random password

Reply #52 – 05 January 2023, 23:40:39

Have some breaking news.

Mapped a whole string 4 total char (a-d), 4 char length, 4^4=256. And must admit the result took me by surprise. The biggest pile did not belonged to the non rep. but with the least rep. meaning that with ONLY ONE rep. This kind of BBP (backbone pattern) already intuited but did not get verified thru more rigorous checks but only now (see bottom prt screen)

What must be noted is that the shorter the STRING (length of the pass, i.e 3) vs TOTAL (search space depth i.e 12) the number of arr. with rep. drop far below the number of arr. with no rep.(see my Reply #34 prt sc)

In that case where string short vs total, non rep. are predominant (reply #34), but on longer strings i.e 63 out of 94 (our long debated LSP) arr. with ONE rep. starts to gain terrain.

Has to be determined at what length (proportion i.e 94/63, 94/47, etc) BBP with ONLY 1 rep. start to exceed other with no rep. or more rep.

For those that wanna take a closer look download file here

Re: Why it's ridiculously dumb having a 100% random password

Reply #53 – 07 January 2023, 02:01:58

Quote from: Surf3r – on 05 January 2023, 23:40:39

Have some breaking news.

You're repeating the same shit from your first post just packaged differently.

I want to know how many times (number) you have to execute the following line of code to get the identical (100%) output (your/my screenshoot).

Code: [Select]

cat /dev/urandom | tr -dc 'a-d' | fold -w 64 |sed -e 's/.\{4\}/& /g' | head -n 16

In my humble opinion: an answer without the said number can clearly be seen as proof that you can neither calculate nor think logically and that your revolutionary theory (which you announced in the thread title) is as useful as a pile of cow shit on a pizza. (the list of foodstuffs is rather insignificant)

Re: Why it's ridiculously dumb having a 100% random password

Reply #54 – 07 January 2023, 03:19:35

Nope, you did not get it, as usual, 🤦🏻 there's 0 surprises in that.

The strongest BBP that will give us the LSP depends on the ratio between T (total chars) and S the length of the string we use.

@lq you hide behind that jazzy noobish command yet you can't input any math in the real problem as you're still umbilical attached
with that joke of a philosophy valid only for kids in short pants 😏

Re: Why it's ridiculously dumb having a 100% random password

Reply #55 – 07 January 2023, 04:46:20

This is starting to look like a trolling thread since it is appears to be going into personal attacks than actual information.

Re: Why it's ridiculously dumb having a 100% random password

Reply #56 – 07 January 2023, 13:16:46

Quote from: Surf3r – on 07 January 2023, 03:19:35

... the ratio between T (total number of characters) and S, the length of the string used.

So you confirm yourself that your assertion (thread title) is FALSE.

And the stupid line of code proves that everyone has enough entropy to create a secure password.

Re: Why it's ridiculously dumb having a 100% random password

Reply #57 – 07 January 2023, 18:04:33

Nope, rock solid proof incoming, see prt screen bellow.

Side note. I'm gonna name BBP as a simple B for simplicity but that's for the future

Managed to put together things in a more digestible shape and even have a FORMULA so everyone can calculate what BBP should
adopt and when depending on their desired STRING length and Total chars used (search space depth, i.e 94)

If anyone is trolling, it's not me.

I guess can be made a script to automate things up so a user should just input its S and T and the Output
should spawn a LSP string in the right BBP. Think a python script should do the job just a OK

If anyone see any flow in the Formula or any other spot, feel free to just say.

Enjoy

Re: Why it's ridiculously dumb having a 100% random password

Reply #58 – 07 January 2023, 18:30:00

Quote from: lq – on 07 January 2023, 13:16:46

And the stupid line of code proves that everyone has enough entropy to create a secure password.

I'm not saying is not secure I'm just saying mine is more secure

and therefor choosing a random password is simply OBSOLETE
science.

Also in case any one of you guys didn't noticed yet i've just pushed from an arbitrary split (reply #1) to a split based on rep. non rep. and even how many rep. BBP

Reply #1 did not take the fundamental QUESTION of the need of rep or no rep. or how much rep it was just a simple arbitrary split but now we reached a deeper rabbit hole that most only dream about.

Still improvements can always pop from where you expect the least.

Next I'm gonna be explaining why a ONLY ONE rep. BBP prevails vs any other when conditions are met. But that for the next coming days.

Roger and out.

Re: Why it's ridiculously dumb having a 100% random password

Reply #59 – 10 January 2023, 09:22:46

The reason STRING LENGTH MATTER is because when STRING short it has lower amplification factor

A[T,(S-1)]*3(S-2)

So the loss in the first factor A[T,(S-1)] attenuates when string is longer in the second factor 3(S-2) and ultimately when S exceeds certain length (S >25, T=94) the
result will make BBP with 1 rep numerically bigger than BBP with no rep.

When S goes up the overall amount is pushed little by little in favor of the BBP with ONE repetition.

Have to test now if we can talk about a third BBP when string length exceeds 63 (not interesting in real world, cos nobody would
choose longer than 63 or 64 string)

The third BBP can have the form of 22111111111... etc TWO repetition instead of just ONE

I have to determine same, if the loss from the first factor can be overwhelmed by the second factor thru the length of the S

But I give few chances of that happening at all at any S length.

Has to be determined.

But for now the conclusion that has to be drawn is that we have till now not 1 but 2 best BBP depending on the string length

When S ≤ 25 LSP will be inside a NO rep. BBP, in the form 111111...25
while
When S ≥ 26 LSP will be inside THE LEAST rep. BBP, in the form 21111..62

Lastly it has to be determined if there is a chance of a third BBP when S > 63 in the form of 221111...? I give few chances of this to hit reality. though. But have to put my mouth where the math is.

So stay tuned