[HN Gopher] Insult Passphrase Generator
___________________________________________________________________
Insult Passphrase Generator
Author : rkta
Score : 214 points
Date : 2024-03-13 05:47 UTC (17 hours ago)
(HTM) web link (cheswick.com)
| fileeditview wrote:
| You can even mutter them while entering the password and nobody
| will suspect that it's an actual passphrase.. just the typical
| nerd talking to her/his computer.
| senectus1 wrote:
| You heartrending pocket flask of malignant Turkish cat burp
|
| Any idea how we get this added to Bitwarden? :-D
| mdaniel wrote:
| I didn't go chasing through all the typescript but I'd
| presume adding a new PassphraseGenerationStrategy
| https://github.com/bitwarden/clients/blob/desktop-v2024.3.0/...
| (related: https://github.com/bitwarden/clients/pull/7690 )
| qwertox wrote:
| `You depressive china of noxious burro deer slabber`.
|
| Is it just me thinking that it's not ok to have China in the
| nouns list? Or do we also find "united states of america" or
| "germany" in there?
| Dalewyn wrote:
| Insults in an insult generator is a problem how?
| me_jumper wrote:
| "China" is a term used for fine dishes made from porcelain as
| far as I'm aware (non-native speaker myself)
| ragtagtag wrote:
| In this case, I suspect "china" comes from Cockney rhyming
| slang, "china plate", "mate", as in "friend".
| re wrote:
| No, it's referring to the tableware -- every word in that
| position for all the phrases is a container of some sort
| (or at least a thing that can contain other things).
| cynicalsecurity wrote:
| But China under CCP is actually depressive.
| duncans wrote:
| Lowercase 'c' makes it pretty clear it's not the country ...
| you tiresome tumbler of nephritic laughing jackass soot.
| senectus1 wrote:
| yup..
|
| seen several Capitalized names of places
|
| You disagreeable lota of plagued Japanese spaniel chaff
|
| You unpretty hipflask of neuritic Colorado beetle excretes
|
| You wearisome clothesbasket of envenomed Yorkshire terrier
| feces
| MikusR wrote:
| It's not names of places. Japanese spaniel is a dog breed.
| Colorado beetle a beetle. Yorkshire terrier another dog
| breed.
| joveian wrote:
| Oh, I didn't know until now that Brussels griffon is a
| kind of dog. I got this one:
|
| You ill-proportioned GI can of plagued Brussels griffon
| dribble
| mlhpdx wrote:
| Ironic that china (the dish ware) was coined[1] for a common
| source of porcelain at the time, China?
|
| [1] https://en.m.wiktionary.org/wiki/china#English
|
| Edit: Capitalization
| input_sh wrote:
| It's lowercase, so it's probably not China the country but
| china as in porcelain.
| Culonavirus wrote:
| Come on, there's reasonable (n words would probably not be the
| greatest even in an insult generator), and then there's what
| you're complaining about. China is a country that is viewed
| negatively by most of the western democratic countries. And for
| a good reason. If you equate China with Asian, implying racism,
| that is your own bias speaking.
| zztop44 wrote:
| Probably reasonable people would differ on whether
| unfavourably viewed (by the West) countries, such as Iran,
| Cuba, Palestine, or Saudi Arabia are disliked for good reason
| or not.
|
| I agree with other comments that "China" in this context is
| intended to refer to porcelain. However including "Persian"
| (rugs?), "Cubano" (cigars?), "Afghan" (dogs?), or Arab
| (numerals?) as nouns in your cute online insult generator is
| probably a bad idea.
|
| Edit: I see that "Boston" and "English" are also included as
| insults. At least with those there can be no doubt.
| Ylpertnodi wrote:
| Boston, USA or Boston UK?
| krallja wrote:
| Dog breeds like Boston (terrier) and English
| (setter|bulldog|...) are included in the animals list.
| indigoabstract wrote:
| I think 'You elephant in a china shop' needs to be in there
| too, so everyone can be at peace.
| lupusreal wrote:
| Imagine actually being insulted by an insult generator.
| enriquto wrote:
| > Each entry has about 42 bits of randomness. Queries are not
| recorded. Randomness is probably as good as the random resource
| in the operating system.
|
| Hmmm. Such a statement should be backed by proof, not by trust.
| Until you can run the code locally you can't assume that any of
| these things is true. As far as we know, this can be a reverse
| password harvesting scheme.
| Dalewyn wrote:
| While what you say is absolutely true, a cursory skim of the
| website's webmaster's profile[1] suggests he would be putting a
| lot of reputation on the line if he were acting maliciously.
|
| [1]: https://cheswick.com/ches/cv/index.html
|
| EDIT: Pardon my sudden lack of linguistic finesse, clearly the
| beer I had tonight was good.
| FartyMcFarter wrote:
| That's what they want us to think.
| blooalien wrote:
| I refuse to believe their beer was good without proof.
| debesyla wrote:
| Until we try out the beer locally we can't be sure.
| tomas789 wrote:
| It could be a research project so it might still have some
| nefarious purpose to it.
| InsomniacL wrote:
| When I get hold of good beer, linguistic finesse is not a
| quality that emerges.
| Culonavirus wrote:
| I use https://www.useapassphrase.com/ since forever and that
| uses client side generation (i.e. the password never leaves
| your browser). And speaking about passphrases... I find it
| borderline insulting that many sites still use the archaic
| "whateveR1@" format, like, dude, I just gave you sentence worth
| of words that will take a bazillion more years to crack than
| passworD1@ ... some people just learn something in school and
| then use it for 20 years, I swear.
| lupusreal wrote:
| Do you vet the JS this site sends you every time you use it,
| or do you trust that because it was client side in the past
| it will always remain so? Also, picking four random words
| "meat side" is pretty easy in my experience, but using a
| client side (not browser) password manager neatly solves the
| "inane password complexity requirements" problem.
| codetrotter wrote:
| This is an opportune moment to plug my command-line
| passphrase generator.
|
| Open source, runs on your machine.
|
| It makes passwords like:
|
| tiptoeing saxophone wholesaler luxurious leftover codeword
| eruption gnarly skies taco username affidavit
|
| I named it pgen
|
| Get it from https://github.com/ctsrc/Pgen
| keybored wrote:
| I use a 1000-line word list, head(1), shuf(1) and then
| tr(1) to join the lines.
| yjftsjthsd-h wrote:
| I've just been using
|
| shuf -n 5 /usr/share/dict/words
|
| and then manually typing them in, optionally adding any
| special characters or whatever the particular site
| requires. Changing 5 as needed, of course.
| codetrotter wrote:
| One of the neatest bonuses that you get from using pgen
| instead is that it can also tell you the amount of
| entropy of passphrases that each combination of settings
| (wordlist, number of words) will produce. This alone
| should ideally be reason enough to adopt pgen :)
| brookst wrote:
| If nothing else that would force me to finally learn to
| spell affidavit. Or just give up on whatever I locked
| behind that phrase.
| zoky wrote:
| Have you, uh... had a lot of opportunity to misspell
| "affidavit"?
|
| If so, please let me know the name of your SaaS so I can
| steer well clear of it...
| brookst wrote:
| It's one of those words I use just rarely enough to never
| learn how to spell, like supeena, deeposition, and
| perjery.
| kodis wrote:
| I occasionally use words that I have trouble spelling as
| part of a password. I learn 'em fast, let me tell you!
| thewakalix wrote:
| Sounds like "Word Disassociation".
|
| https://genius.com/Lemon-demon-word-disassociation-lyrics
| jamesponddotco wrote:
| I'll go with the flow and plug mine too, called acopw
| (get it, Accio Password, I'm so funny):
|
| https://git.sr.ht/~jamesponddotco/acopw-cli
|
| It can generate diceware passwords, random passwords,
| PINs, and UUIDv4.
|
| It uses my own Go module for this, which comes with a
| list of words with over 23 thousand words:
|
| https://git.sr.ht/~jamesponddotco/acopw-go
| bmacho wrote:
| > Do you vet the JS this site sends you every time you use
| it,
|
| Hit ctrl+s
|
| Which you should do even if you fully trust the website
| owner anyway
| ciroduran wrote:
| Obligatory xkcd https://xkcd.com/936/
|
| Great username btw
| jsjohnst wrote:
| It bothers me how much folks parrot this XKCD, especially
| using it to imply passphrases are superior. They are in
| fact not! Four common words are definitely easier to
| remember, but is it really feasible to remember hundreds
| (thousands?) of truly unique four word combinations easily?
| I would argue strongly it's not for most people, so then
| you're still using a password manager for the vast majority
| of passwords. Yes, you still need to remember a few, where
| then passcodes are ok. Also, many sites have arcane
| password complexity requirements (protip site owners, the
| only thing that really matters is length) which may not
| allow for your passphrase as suggestingly formatted by
| XKCD, thus needing a password manager more.
|
| If we are using a password manager as we should be, there
| is no real justification for using memorable passwords for
| the majority of passwords. Let's use the example from XKCD:
|
| correct horse battery staple = 2048^4 = 2^44
|
| If instead we use the same length of 28 characters with the
| full range of characters allowed by most websites:
|
| M4Uk@gQRU!JFgwlI6MV$VV39TEA. = 70^28 = ~2^172
|
| Dunno about you, but I'll gladly take significantly more
| entropy with zero extra cost any day.
| bigfudge wrote:
| What about your login password though? Or an email
| password which you occasionally need to access on a
| machine you don't control? Those are the passwords where
| I use a passphrase.
| jsjohnst wrote:
| > What about your login password though? Or an email
| password which you occasionally need to access on a
| machine you don't control?
|
| >> using a password manager for
|
| >> the _vast majority_ of passwords
|
| Added emphasis to what I said previously to show I had
| answered that already.
| SushiHippie wrote:
| I don't remember all of them and I use a password
| manager, that's true.
|
| But if I need to login on a device where my password
| manager is not installed, or you can't use a password
| manager (e.g. windows UAC prompt, linux tty), it will be
| way easier to open my password manager on my phone and
| type a password rather than a long random string.
|
| I don't use a passphrase for every login, but for some
| logins where I think it could be beneficial to easily
| type it without using autofill I use them.
| jsjohnst wrote:
| > for _some_ logins where I think it could be beneficial
| to easily type it
|
| See my reply to sibling commenter, I had already covered
| this case in my original post.
| GoblinSlayer wrote:
| UAC supports clipboard, I use managed passwords with it.
| bookofjoe wrote:
| >I don't use a passphrase for every login, but for some
| logins...
|
| >I don't always drink beer, but when I do...
| NoGravitas wrote:
| Yep. For most logins, a password manager is the way. But
| there are some you are simply going to have to or want to
| remember (password manager key, workstation login), and
| for those, passphrases are better.
| KoolKat23 wrote:
| And if you were to add a few additional characters
| scattered within the passphrase?
| FabHK wrote:
| The XKCD is not arguing against password managers. It is
| arguing against websites mindlessly imposing silly rules
| on passwords, as you are.
| hn_acker wrote:
| Indeed, the XKCD comic Password Strength does not argue
| against password managers, but sometimes when someone
| posts that comic I wonder why they need to come up with a
| memorable password given that password managers exist.
|
| Secondly, jsjohnst was not supporting silly password
| rules, merely pointing out that a password manager can
| make the password rules less of a hassle to comply with
| [https://news.ycombinator.com/item?id=39690528]:
|
| > Also, many sites have arcane password complexity
| requirements (protip site owners, the only thing that
| really matters is length)
| Tcepsa wrote:
| Doesn't the assertion that _correct horse battery staple
| = 2048^4_ require the attacker to know that you're using
| this pattern?
| joveian wrote:
| It might make a slight difference or it might not, but
| you can't know that it will so best to assume that it
| doesn't. In practice the amount of computing power
| actually available is going to make much more difference
| than the method used.
|
| IMO, pass phrases only seem useful if you have a quite
| insecure password. It is ideal to aim for 115-128 bits of
| entropy, which is not that bad with just random lower
| case letters and numbers (24 characters is good) but
| turns into a long and complex passphrase. To learn a
| random password write it down (split into groups of 6ish
| characters) and copy it from the paper for 2-4 weeks (do
| not try to guess until you are almost certain your guess
| is correct).
| frizlab wrote:
| I use Safari's password generation and keychain. Works great
| and has readable passwords.
| lsllc wrote:
| I do the same and it usually only takes a few days to a
| week to learn a 16 character pretty random looking
| password, which with an 6-monthly change-your-password-rule
| is no big deal.
| rokkitmensch wrote:
| Or just increment a token in the already-secure password
| you're being forced to rotate like a sane person.
| consp wrote:
| The [capital, number, special] scheme reminds me of the
| passwords at my uni. Everyone got a plaintext stored (you
| could recover and get the pw back, I doubt there was any
| encryption) 7 digit (yes digit, not alphanumeric) password
| for your account. After a while these were "upgraded" to 8
| and must contain a letter. So the amount of [7 digits]+a
| passwords were massive. They then upgraded to "must contain a
| lower and upper case" and you got [7 digits]+a+A passwords,
| after which a special character must be included and the [7
| digit]+a+A+! was born...
|
| Security is no issue if you don't care. They did abolish
| unhashed storage after a while (and a while is really quite
| recent).
| losvedir wrote:
| Ha, pretty much exactly this stand up bit:
| https://youtu.be/aHaBH4LqGsI?si=Zs2IvRUqtIrn9KH8 .
| maicro wrote:
| Reminds me of default passwords on wifi routers a decade
| ago - ATT especially had a very identifiable SSID format
| (ATT###), and a default 10-digit password. That leaves you
| with (9,999,999,999 + 1 =) 10 billion[1] passwords
| possible, which even at that time only took a couple hours
| to test all of them. That SSID pattern also left you with
| only 1,000 possible SSIDs, so a rainbow table was
| definitely reasonable.
|
| [1] - though now that I think about it, that might not
| properly cover the case of leading zeroes in the password,
| so the total number of possible passwords might be larger
| than 10B; that's assuming a naive password list generated
| just from numbers, not from treating the digits as
| characters, so I need to reason about this a bit more...
| amenhotep wrote:
| It's O(10 billion), so your intuition is good regardless
| :) passwords with ten 10-digits: 10x10x... = 10^10 = 10
| billion, passwords with nine digits = 10^9, etc etc down
| to 11,111,111,110 (I don't think we should count the
| empty password). The full length password dominates the
| size of the keyspace so much that you more or less get
| truncations for free.
| brewdad wrote:
| Eh, that's still better than my days at Uni where my
| student ID was my Social Security Number and grades were
| posted outside the classroom as a sheet with everyone's SSN
| and their scores.
| usrusr wrote:
| So this is basically the swordfighting sim in the Snow Crash
| metaverse (well, The metaverse, this one does not require a
| qualifier), but ported to Monkey Island. Should we take Hiro
| Protagonist's swordplay acumen as a warning to question the
| promised randomness?
| throw0101d wrote:
| > _Such a statement should be backed by proof, not by trust._
|
| Just noting that "Cheswick" is the dude that literally
| (co-)wrote the book on firewalls (1e in 1994):
|
| * https://en.wikipedia.org/wiki/Firewalls_and_Internet_Securit...
|
| * https://en.wikipedia.org/wiki/William_Cheswick
|
| * https://en.wikipedia.org/wiki/Firewall_(computing)
| enriquto wrote:
| Is this some sort of argument from authority? I'm not
| accusing the author of anything.
|
| But now that you mention him, the man was working at Bell
| labs during the time when Ken wrote his famous essay
| "reflections on trusting trust". If he shared just a small
| part of his colleague's spirit, it would be irresistible to
| him to log all passwords that thousands of people may decide
| to use. Mainly as a conversation starter, not to do anything
| bad with these passwords. Maybe he's gathering cool stories
| in case of a hypothetical Turing award in the future?
| Hnrobert42 wrote:
| It is an argument from authority, but such a critique is
| less relevant in this context. This is not the examination
| of a logical argument.
|
| GP was arguing that OP is trustworthy because he has a
| reputation to maintain.
| throw0101d wrote:
| > _GP was arguing that OP is trustworthy because he has a
| reputation to maintain._
|
| I, the GP, am arguing nothing of the sort.
| TedDoesntTalk wrote:
| I'm very fortunate I do not live with your kind of
| paranoia.
| Maskawanian wrote:
| Is it paranoia to have proper security practices? You
| should strive to be excellent in everything you do. I do
| not think that targeting the GP with an ad hominem attack
| is a valid argument.
| blackmesaind wrote:
| The fact that you are using the internet means that you
| have implicit trust in much less trustworthy entities
| than a known security researcher.
|
| That being said, there's no need to use 3rd party
| password generators, if you can make your own.
| Maskawanian wrote:
| Ok sure, but you're moving the goalposts. The OP was
| talking specifically with respect to using a non client
| side password generator. As a joke it is funny, but only
| a fool would use a password generator that can't be
| audited and that may be logged.
| TedDoesntTalk wrote:
| > only a fool would use a password generator that can't
| be audited and that may be logged.
|
| Really?
|
| 1. It's from a known-reliable source
|
| 2. Even if the password is stored, logged, broadcast
| around the world for billions to see, so what?
|
| A. Source has no way to know if the user used the
| password anywhere or saved it
|
| B. Source doesn't know who the user is
|
| C. Source doesn't know in which website or resource the
| password was used.
|
| So... I stand by my paranoia claim. I wouldn't go so far
| as to call you foolish like you did me, but I'd say such
| a world view will not be a net gain for you over your
| lifetime. You'll have difficulty delegating work. You'll
| have major trust issues. Maybe you already do. But as
| they say, "you do you."
| john-radio wrote:
| It's the long con!
| dylan604 wrote:
| According to the movie, the Enigma was broken because each
| message closed with the exact same phrase in every message.
| These all start with the exact same word.
|
| However, anyone taking this thing as anything more than the
| jovial manner in which it is intended is not someone that
| understands a word of what you just said. So it's all just
| grandstanding for the sake of it
| danbruc wrote:
| 42 bit is not that much to begin with, you can brute force a
| simple cryptographic hash in minutes.
| wlesieutre wrote:
| Assuming that person trying to brute force your password
| knows that this passphrase generator exists and starts their
| search with all possible insult passphrases, otherwise
| they're searching in a much larger space
| danbruc wrote:
| Of course, searching through all eight word combinations
| will be quite a bit harder. But that does not really
| protect you that much. If you are attacking passwords, you
| will try increasingly large sets of possible passwords.
| After you have gone through the million most common
| passwords and so on, you will also sooner than later spend
| a few minutes on trying all those insults before moving on
| to all eight word combinations, at least if this generator
| becomes popular enough to warrant inclusion in an attack.
| roydivision wrote:
| Project name should be "Captain Haddock"
| Brajeshwar wrote:
| Superb. Loving it.
|
| I wish this was Open Source. I want to add quite a lot of pre-
| defined words that should come up more often than not. ;-)
| dijit wrote:
| I wrote an insult function for my company Slack bot back in
| 2016 - the bot had other uses for automating my dayjob.
|
| But it's pretty simple; here's the exported function:
| https://gist.github.com/dijit/3c3c9754b79fa961805172fb48c72b...
| Demcox wrote:
| This is why I pay for internet!
| coldtea wrote:
| What stops someone from adding anything generated by their
| "passphrase generator" to a brute-force dictionary?
| re wrote:
| Nothing, but the calculations about bits of randomness already
| assume that you know how the paraphrase is being generated,
| including all the possible words.
| Cthulhu_ wrote:
| Nothing, except that all possible combinations - assuming
| proper randomness - add up to A Lot of entries.
| coldtea wrote:
| If the generator author keeps a log of the generated phrases
| users his generator suggested, then it doesn't matter if a
| generator came with the phrase "upper class koala bear tango"
| with great randomness.
|
| If I take it and use it as my password, the generator author
| then has my password in his list.
|
| (If the generation happens on the client of course this
| doesn't apply, assuming it doesn't also phone home).
| andrewaylett wrote:
| True -- but absent logging, it should be absolutely
| possible to tell everyone how you generate your passwords
| without making them less secure.
|
| For example, I get 44 bits of entropy from
| https://atlas.aylett.co.uk/pw/, purely from the randomness
| of the words. Knowing that I used that script doesn't help
| you: there's no point in adding every permutation to a
| list, there are too many of them.
|
| If you _don't_ know that I used this mechanism then you
| may be worse off, but I can't assume I'm better off.
|
| And obviously I'm happy using my own generator, but the
| reason I wrote it was because I didn't want to have to
| trust someone else's :).
| re wrote:
| A few interesting generations:
|
| > You malformed garbage can of podagric pig precipitations
|
| That alliteration for the second part is particularly pleasing.
| Although they wouldn't make good passphrases, it'd be fun to see
| an "oops! all alliterations" version of this.
|
| > You misbegotten locker of pathological coon cat [dial] dross
|
| I wonder how the "[dial]" slipped in there -- is it part of the
| animal list or the excrement list?
|
| Edit: after refreshing a few more times I've seen a few other
| tags attached to other words ("labis [eccl]", "painter [S US]",
| "budget [dial]", "scrip [archaic]"). I'm guessing that "dial"
| means dialect, and the words that went into this were scraped
| from some old version of Roget's Thesaurus.
| mdaniel wrote:
| > Roget's Thesaurus.
|
| well now I want to make one of these generators using cosine
| similarity and this "embeddings" thing all the kids are raving
| about to make passphrases where the words are related, making
| them even easier to remember, e.g.
|
| remember recall recollect reminisce
|
| or taking inspiration from those NYT games, ones where they
| differ by a letter, but I'm no good at that game so I don't
| have any examples handy
| weinzierl wrote:
| My dear friend Bowerick asked me about this and maybe someone can
| help him out:
|
| Is there a site that lists everyone in the entire universe in
| alphabetical order?
|
| Bowerick would like to use it for a project he is working on in
| his spare time - and he has a lot of that since his accident.
| amarant wrote:
| This seems very familiar.. Isn't there a plotline in The
| Hitchhiker's Guide To The Galaxy about someone travelling
| around apologising to the entire universe in alphabetical
| order, using a time machine iirc?
|
| Edit: Hah, my bad, I thought Bowerick was a HN user. Google set
| me straight!
|
| Good one!
| chuckadams wrote:
| That would be Wowbagger the Infinitely Prolonged, and his
| mission was to _insult_ the entire universe, in alphabetical
| order.
| amarant wrote:
| I'm probably not gonna use these for my passwords, but there are
| some pretty awesome insults generated here!
|
| Is the source code available somewhere, and if so, under what
| license?
|
| I'm currently working on a tiny game, and this gave me the idea
| of having generated insults in the banter!
| tomtomtom777 wrote:
| Nice except that it is an absolute no go to generate these on the
| server.
|
| Why not port to JS and generate it on the client? Should be
| trivial.
|
| You should not encourage people to trust you.
| riskable wrote:
| Yeah! Only a, "distasteful mail pouch of ratty cuckoo dejecta"
| would use a 3rd party service to generate passphrases!
| jjbinx007 wrote:
| We issued temporary passphrases for new users once and thankfully
| checked them manually before issuing them. Even if you remove
| swear words it's amazing how random words put together could be
| interpreted as insults and slurs.
| Cthulhu_ wrote:
| "Absolute weapon" is a great one. I've heard "Prairie hat" be
| used as well for someone with an unfortunate hairstyle.
| riskable wrote:
| Randomly offensive passphrases aren't really a problem. There's
| only one person who's supposed to know it and if two or more
| know it then it's just temporary and up to the person who
| "owns" it to make a new one.
|
| Also, I don't care how sensitive someone is, if the tech that
| clicked the "Generate" button informs them, "it's just random
| words strung together :shrug:" how offended can you be? I mean,
| _seriously_?
|
| If anything we should be doing our darndest to _intentionally_
| make passphrases as offensive as possible so that people are
| encouraged to change them right away! Generating temporary
| passphrases for new employees? Feed a picture of them into an
| AI that's trained to generate insults about their appearance!
| ziddoap wrote:
| > _Randomly offensive passphrases aren't really a problem._
|
| They are absolutely a problem from a business perspective.
|
| > _how offended can you be? I mean, seriously?_
|
| Have you never worked in a customer-facing position?
| Customers get offended all the time.
|
| I mean, it's not really anyone's place to decide what is or
| isn't offensive to someone else. But even if a customer isn't
| actually offended, they may feign offense for purposes like
| discounts, preferential treatment, rage-baiting for internet
| points, etc.
|
| All of those scenarios suck for the lowly tier 1 customer
| service employee who has to deal with it, and sucks for the
| company.
|
| Much easier for everyone (customer, company, and the poor
| person who is actually dealing with the customer) to just...
| not send offensive passphrases.
| favorited wrote:
| When we started using hexadecimal-encoded identifiers as user
| watermarks, we had to replace all of the vowels with special
| characters because people were seeing slurs over their video
| player.
| DonHopkins wrote:
| Doctor Zachary Smith would love this for insulting the Robot on
| Lost in Space!
|
| Lost In Space - Dr Smith insulting the Robot:
|
| https://www.youtube.com/watch?v=wyH33DXusTY
|
| Jonathan Harris and PimpBot 5000 appeared on Conan O'Brien in
| 1998:
|
| https://www.youtube.com/watch?v=BlU0hs5j-W0
| xkcd1963 wrote:
| Add a pinch of passive aggressiveness and I can guarantee you
| hackernews will love and use this
| Aeolun wrote:
| Today I learned about 20 new insulting English words.
| layer8 wrote:
| The first word doesn't seem very random.
| ourmandave wrote:
| Reminds me of _A Clockwork Orange_ quote...
|
| "Well, well, well, well. If it isn't fat, stinking billy goat
| Billy-Boy in poison. How art thou, thou globby bottle of cheap
| stinking chip-oil?"
| dghf wrote:
| So the template is 'You <adjective> <object> of <adjective>
| <animal> <noun>'.
|
| If there's about 42 bits of randomness, presumably there's an
| average of a bit more of 2^8 entries in each of those five lists?
| CoastalCoder wrote:
| This reminds me of the "Abuse" room from Monty Python's Argument
| Clinic [0].
|
| Shirley I'm not the only one.
|
| [0] https://youtu.be/uLlv_aZjHXc?t=42
| ornel wrote:
| I made a readable passphrase generator[0] (in Spanish) with a UI
| that lets you configure the sentence structure. It's all
| generated in the client and code is open[1]. According to my
| primitive calculations I get up to 9x bits of entropy
|
| [0] http://mirrodriguezlombardo.com/passphrase/
|
| [1] https://github.com/mir123/readablePassphraseJS-ES
| throw0101d wrote:
| Reminder of Diceware:
|
| > _Diceware is a method for creating passphrases, passwords, and
| other cryptographic variables using ordinary dice as a hardware
| random number generator. For each word in the passphrase, five
| rolls of a six-sided die are required. The numbers from 1 to 6
| that come up in the rolls are assembled as a five-digit number,
| e.g. 43146. That number is then used to look up a word in a
| cryptographic word list. In the original Diceware list 43146
| corresponds to munch. By generating several words in sequence, a
| lengthy passphrase can thus be constructed randomly._
|
| * https://en.wikipedia.org/wiki/Diceware
|
| * https://diceware.rempe.us/
|
| * https://packages.debian.org/search?keywords=diceware
| ggambetta wrote:
| You fight like a dairy farmer.
| riskable wrote:
| That's not an insult! Bovine nipple squeezers know how to
| moove... They'll milk your pride, dump it into a bucket, and
| pasteurize your very soul.
| ggambetta wrote:
| It 100% is an insult for men of low moral fiber and a certain
| age, at least until undergoing some rigorous training.
| arcastroe wrote:
| This is hilarious, I love these. If you're tempted to use one of
| these as your password, you probably have to choose the first one
| you see in order to maintain the desired 42 bits of security. You
| can't keep refreshing until you find one you like since the
| search space for a reaaaaally good one is probably much smaller
| than the search space of all combinations.
|
| (I acknowledge this site is mostly a joke and you'd be crazy to
| use any of these for an important password)
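The arithmetic behind dghf's list-size estimate and arcastroe's warning about refreshing, as an added example that is not part of the thread and not the generator's own code. The eight-word lists are a small sample assembled from phrases quoted in this thread, standing in for the site's real lists, and all function names are made up for the illustration.

```python
import math
import secrets

# Small sample lists built from phrases quoted in this thread. They are
# placeholders for illustration, not the site's real (unpublished) lists.
ADJECTIVES_A = ["tiresome", "wearisome", "disagreeable", "malformed",
                "misbegotten", "unpretty", "foul", "distasteful"]
CONTAINERS = ["tumbler", "locker", "hipflask", "clothesbasket",
              "caldron", "garbage can", "mail pouch", "pocket flask"]
ADJECTIVES_B = ["noxious", "plagued", "nephritic", "neuritic",
                "envenomed", "ulcerated", "ratty", "pathological"]
ANIMALS = ["burro deer", "laughing jackass", "Japanese spaniel",
           "Colorado beetle", "Yorkshire terrier", "flying squirrel",
           "cuckoo", "pig"]
NOUNS = ["slabber", "soot", "chaff", "dribble",
         "detritus", "dross", "dejecta", "precipitations"]

# Template from the thread:
# You <adjective> <object> of <adjective> <animal> <noun>
SLOTS = (ADJECTIVES_A, CONTAINERS, ADJECTIVES_B, ANIMALS, NOUNS)


def template_entropy_bits(slots=SLOTS):
    """Bits of entropy when every slot is drawn uniformly and independently.

    The fixed words "You" and "of" contribute nothing. Duplicate entries
    would skew the distribution, so they are rejected rather than counted.
    """
    total = 0.0
    for words in slots:
        if len(set(words)) != len(words):
            raise ValueError("duplicate entry in a word list")
        total += math.log2(len(words))
    return total


def average_list_size(target_bits, slot_count):
    """Geometric-mean list size needed for slot_count slots to reach target_bits."""
    return 2 ** (target_bits / slot_count)


def generate(slots=SLOTS):
    """Build one phrase locally; secrets.choice draws from the OS CSPRNG."""
    adj_a, container, adj_b, animal, noun = (secrets.choice(w) for w in slots)
    return f"You {adj_a} {container} of {adj_b} {animal} {noun}"


def bits_after_picking_favourite(bits, draws):
    """Lower bound on the min-entropy left when the user views `draws`
    phrases and keeps the one they like best: no phrase can become more
    than `draws` times as likely, so at most log2(draws) bits are lost."""
    if draws < 1:
        raise ValueError("draws must be at least 1")
    return max(0.0, bits - math.log2(draws))


if __name__ == "__main__":
    print(generate())
    print(f"{template_entropy_bits():.1f} bits from these sample lists")
    print(f"{average_list_size(42, 5):.0f} entries per list for 42 bits")
    print(f"{bits_after_picking_favourite(42, 32):.0f} bits after 32 refreshes")
```

Five lists averaging about 338 entries give the quoted 42 bits, and taking the first phrase shown (one draw) keeps all of them.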
| hackan wrote:
| Do note that 42bits is way too low for a secure password. You
| should be targeting something over 77 bits [0], so you would
| need to combine 2 passphrases. Sounds pretty hard to remember to
| me :P
|
| Shameless plug: I made a secure* passphrase and password
| generator in Python [1]
|
| [0] https://www.eff.org/es/deeplinks/2016/07/new-wordlists-rando...
|
| [1] https://github.com/HacKanCuBa/passphrase-py/
| ufo wrote:
| Would a lower complexity be enough, with proper key
| stretching?
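A numeric take on ufo's question, as an added example that is not part of the thread: stretching with N iterations makes each guess N times more expensive, which is worth log2(N) extra bits. PBKDF2-HMAC-SHA256 is an assumption chosen here as one standard stretching function; the 42-bit and 77-bit figures are the ones quoted in the comments above, and the function names are made up for the illustration.

```python
import hashlib
import hmac
import math
import os


def stretch(passphrase, salt, iterations):
    """Derive a verifier with PBKDF2-HMAC-SHA256 (one choice of stretching KDF)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations)


def enroll(passphrase, iterations):
    """Create a stored record with a fresh random per-user salt."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "verifier": stretch(passphrase, salt, iterations)}


def verify(passphrase, record):
    """Recompute the verifier and compare it in constant time."""
    candidate = stretch(passphrase, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["verifier"])


def effective_bits(entropy_bits, iterations):
    """Search cost in bits, measured in units of one KDF iteration.

    Every guess costs `iterations` units of work, which is equivalent to
    adding log2(iterations) bits to the passphrase.
    """
    return entropy_bits + math.log2(iterations)


def iterations_needed(entropy_bits, target_bits):
    """Iterations required if stretching alone has to close the gap."""
    return 2 ** max(0, math.ceil(target_bits - entropy_bits))


if __name__ == "__main__":
    # Constructed sample passphrase, taken from a phrase quoted in the thread.
    record = enroll("You foul caldron of ulcerated flying squirrel detritus",
                    iterations=200_000)
    print("verifies:", verify(
        "You foul caldron of ulcerated flying squirrel detritus", record))
    print(f"42 bits + 2^20 iterations = {effective_bits(42, 2**20):.0f} bits")
    print(f"iterations to reach 77 bits: 2^"
          f"{int(math.log2(iterations_needed(42, 77)))}")
```

Closing the 35-bit gap between 42 and 77 by stretching alone would take 2^35 iterations per login, so stretching raises the cost of guessing a short passphrase but does not replace a longer one.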
| jihadjihad wrote:
| "You maladroit equine galvanic fastener"
|
| https://xkcd.com/936/
| ddoolin wrote:
| > You foul caldron of ulcerated flying squirrel detritus
|
| I kinda like this one.
| Findecanor wrote:
| In the early '90s, a dial-up BBS I frequently visited stored
| passwords in plaintext. The sysop read my pass phrase and banned
| me for it.
| tetris11 wrote:
| I remember in the 2010's when several popular forums swore that
| they never stored plain-text passwords, but then sent out
| emails to their users once they were hacked that their
| passwords have likely been compromised
| LordDragonfang wrote:
| I mean, if they didn't salt the hashes on a per-user basis,
| with even 2010s hardware it would be fairly easy to compute
| the hash of every password below a certain complexity and
| associate them with emails to get a set of login credentials.
| gwbas1c wrote:
| As far as I know, they ALL stored the password as plaintext. I
| ran VBBS and then Iniquity, and those stored the password as
| plaintext and visible to the sysop.
|
| I also suspect WIIV and Tele(can't remember the last part of
| the name) stored them as plaintext, but I didn't evaluate those
| as closely.
|
| I once caught someone calling into my BBS as another user, so I
| implemented a pseudo 2-factor authentication system that asked
| for some other details from the profile. I also added a script
| that made my co-sysops enter a whacky 2nd password in case
| someone used a vulnerability to download other users'
| passwords.
| makach wrote:
| Terrible and hilarious. Maybe not use it for your passphrases,
| entropy seems low? Also all sentences start with "you".
| GauntletWizard wrote:
| Bill Cheswick is a cool dude. In the 80s and 90s, he ran the
| Internet Mapping Project, which was an attempt to collate the
| complexity that is our routing stack into something approachable.
| It also produced some really cool graphs:
| https://cheswick.com/ches/map/gallery/index.html
|
| As a young engineer, I had the opportunity to meet him at one of
| the tech conferences my dad was attending, where he gave me one
| of his printed copies of the internet map (and signed it). Hung
| on my childhood bedroom wall until my parents moved. Lovely
| piece.
| dejj wrote:
| Setting the seed would be great.
|
| I use a passwordcard[1]. When the paper dissolves, I generate a
| new one from the same seed and print it again.
|
| [1] https://www.passwordcard.org/en
| pmw wrote:
| This is great in that it creates a grammatically correct
| sentence, which really helps with memorization, and which is
| lacking in many other "passphrase generators" that are simply
| sets of disconnected words.
|
| Though password managers are useful, they don't obsolete
| memorization! At the very least, you need to memorize your
| password manager's master password. I also don't put extra-
| sensitive passwords in my password manager, such as for my email
| account, laptop OS, SSH key, employer enterprise account, etc. I
| probably have about ten passwords / passphrases memorized, and I
| don't think this'll ever reduce.
|
| To scratch my own itch, I created https://phrase.shop, which also
| generates grammatically correct phrases (not full sentences
| though), minus the insults. Hopefully you find it useful too!
| potemkinhr wrote:
| Good one, added it to my Powershell profile for the occasional
| giggle so I can invoke it on demand, feel free to reuse it
|
| function Insult { (Invoke-WebRequest -Uri "https://cheswick.com/insults") .ParsedHtml.getElementsByTagName("p")[2].innerText } #Outputs a random quality insult!
|
| Note: delete the space behind _insults ")_ Formatting
| ¯\_(ツ)_/¯
| threeio wrote:
| This reminds me of the mid 90s when we first started having
| servers in the colo and you'd need to give a Noc tech the root
| password to fix things.. our policy was to always have the most
| offensive root password so you'd never -want- to give it to
| anyone... god it was fun...
| lenerdenator wrote:
| Ah, when society had shame.
| failuser wrote:
| Nice. I get why "Russian" is an insult again, but "Irish"?
| BigParm wrote:
| I don't understand long passwords of dictionary words. Is an
| 8-word password not just an 8-character password?
___________________________________________________________________
(page generated 2024-03-13 23:02 UTC)