AMD is Investigating a Potential 450 Gb Data Breach

[Chrispy_]

this RansomHouse group should be destroyed and people prosecuted

Ah yes, let's prosecute the anonymous black market that exists only because it's managed to evade all law-enforcement to date.
Prosecution is definitely the solution!

 

[Deleted member 185088]

Apparently the best type of passwords are just 3 random words, treescooterracoon

https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words

Interesting read. Especially now with multiple accounts having random words require to remember can really help, maybe having random words in a different language (e.g. Chinese words written in Latin).
Thanks for sharing

 

[Chrispy_]

Interesting read. Especially now with multiple accounts having random words require to remember can really help, maybe having random words in a different language (e.g. Chinese words written in Latin).
Thanks for sharing

correct horse battery staple

 

[Kohl Baas]

That would be peak irony! Or, you know what's even better? If they were hacked via some backdoor!
Oh, wait! There are no backdoors!

No. Being AMD the peak irony would to be hacked through one of the Intel ones through an Intel machine.

 

[zlobby]

No. Being AMD the peak irony would to be hacked through one of the Intel ones through an Intel machine.

I agree.

 

[bug]

Apparently the best type of passwords are just 3 random words, treescooterracoon

https://www.ncsc.gov.uk/blog-post/the-logic-behind-three-random-words

So... basically anything in German will do?

 

[MarsM4N]

So... basically anything in German will do?

That's basically unhackable then. Guess these has to be the 3 longest German words:

Donaudampfschifffahrtselektrizitätenhauptbetriebswerkbauunterbeamtengesellschaft
Grundstücksverkehrsgenehmigungszuständigkeitsübertragungsverordnung
Donaudampfschifffahrtsgesellschaftskapitänswitwe

To be fair, most of these words are invented by buerocrats, not used by the average joe. Funny part is the buerocrats also create a shortened version of these words for their law books, and everyone then has to google what it actually means. F.e. "Telekommunikationsüberwachungsverordnung" = § 1 "TKÜV"

 

[bug]

That's basically unhackable then. Guess these has to be the 3 longest German words:

Donaudampfschifffahrtselektrizitätenhauptbetriebswerkbauunterbeamtengesellschaft
Grundstücksverkehrsgenehmigungszuständigkeitsübertragungsverordnung
Donaudampfschifffahrtsgesellschaftskapitänswitwe

To be fair, most of these words are invented by buerocrats, not used by the average joe. Funny part is the buerocrats also create a shortened version of these words for their law books, and everyone then has to google what it actually means. F.e. "Telekommunikationsüberwachungsverordnung" = § 1 "TKÜV"

I'm just gonna leave this here: https://www.leselern-paten.org/die-hottentottenstottertrottelmutter/

 

[zlobby]

I'm just gonna leave this here: https://www.leselern-paten.org/die-hottentottenstottertrottelmutter/

Nobody seen Suomi or Hungarian?

 

[DeathtoGnomes]

That's basically unhackable then. Guess these has to be the 3 longest German words:

Donaudampfschifffahrtselektrizitätenhauptbetriebswerkbauunterbeamtengesellschaft
Grundstücksverkehrsgenehmigungszuständigkeitsübertragungsverordnung
Donaudampfschifffahrtsgesellschaftskapitänswitwe

To be fair, most of these words are invented by buerocrats, not used by the average joe. Funny part is the buerocrats also create a shortened version of these words for their law books, and everyone then has to google what it actually means. F.e. "Telekommunikationsüberwachungsverordnung" = § 1 "TKÜV"

Well there is supercalifragilisticexpialidocious to consider too.

 

[Vayra86]

correct horse battery staple

Yeah I always use that one, its the safest

 

[Valantar]

Yeah I always use that one, its the safest

I wonder how many password brute-force scripts include that as a guess just in case

 

[bug]

I wonder how many password brute-force scripts include that as a guess just in case

Not that one, in particular, but I wouldn't be surprised of they used 2-6 word combos. You can still foil that with capitalization, l33t 5p34k and some punctuation, without making the password hard to remember.

 

[Valantar]

Not that one, in particular, but I wouldn't be surprised of they used 2-6 word combos. You can still foil that with capitalization, l33t 5p34k and some punctuation, without making the password hard to remember.

I meant that one in particular - after all, if there's one lesson to learn in these kinds of things it's to always make the stupid guesses.

You're probably right about the word combos, but even three words is a LOT of guesses. I've read that a native English speaker will know ~40 000 words (but use about half with some frequency), while a dictionary can contain 300 000 entries (though not all of those are "words" in a strict sense. So let's go with common words - two is 20 000^2, or 400 million guesses. That's not really secure, just a tad more than a six-letter password with only the 26 English non-capitals. But three? 8 trillion combinations. Six? 6.4*10^24 combinations. That's... 6 400 000 000 000 000 000 000 000 possible combinations. That sounds like a "maybe before the heat death of the universe" type of situation. (And we're still talking all lower case!) So I doubt any brute-force scripts include six-word combinations, unless they're using massively reduced word lists.

 

[Deleted member 24505]

I meant that one in particular - after all, if there's one lesson to learn in these kinds of things it's to always make the stupid guesses.

You're probably right about the word combos, but even three words is a LOT of guesses. I've read that a native English speaker will know ~40 000 words (but use about half with some frequency), while a dictionary can contain 300 000 entries (though not all of those are "words" in a strict sense. So let's go with common words - two is 20 000^2, or 400 million guesses. That's not really secure, just a tad more than a six-letter password with only the 26 English non-capitals. But three? 8 trillion combinations. Six? 6.4*10^24 combinations. That's... 6 400 000 000 000 000 000 000 000 possible combinations. That sounds like a "maybe before the heat death of the universe" type of situation. (And we're still talking all lower case!) So I doubt any brute-force scripts include six-word combinations, unless they're using massively reduced word lists.

So 3 random words is pretty secure, can see why it is recommended.

 

[bug]

I meant that one in particular - after all, if there's one lesson to learn in these kinds of things it's to always make the stupid guesses.

You're probably right about the word combos, but even three words is a LOT of guesses. I've read that a native English speaker will know ~40 000 words (but use about half with some frequency), while a dictionary can contain 300 000 entries (though not all of those are "words" in a strict sense. So let's go with common words - two is 20 000^2, or 400 million guesses. That's not really secure, just a tad more than a six-letter password with only the 26 English non-capitals. But three? 8 trillion combinations. Six? 6.4*10^24 combinations. That's... 6 400 000 000 000 000 000 000 000 possible combinations. That sounds like a "maybe before the heat death of the universe" type of situation. (And we're still talking all lower case!) So I doubt any brute-force scripts include six-word combinations, unless they're using massively reduced word lists.

I wanted to write 2-4 initially. But then I felt a little more generous

In a nutshell, if I were to write such a tool, I would add at least some heuristics, looking for low-hanging fruits, in addition to brute forcing.

 

[zlobby]

I wanted to write 2-4 initially. But then I felt a little more generous

In a nutshell, if I were to write such a tool, I would add at least some heuristics, looking for low-hanging fruits, in addition to brute forcing.

Assuming zero prior knowledge of your target, and your target follows good security practices, you'd need to go quantum.

 

[Athlonite]

So 3 random words is pretty secure, can see why it is recommended.

7 is better

It would take a computer about

4 quintillion years

to crack your password

so good luck hackin me wifi pword

 

[Valantar]

so good luck hackin me wifi pword

That's exactly seven words

 

[Why_Me]

Nobody seen Suomi or Hungarian?

Finnish and Estonian always seems easy on the ears. Probably harder than h3ll to learn but it still sounds pretty cool imo. JRR Tolkien was a big fan of that language.

 

[Athlonite]

That's exactly seven words

Oh yeah so it is but it's not the seven I use though

 

[Valantar]

Oh yeah so it is but it's not the seven I use though

That's what you're saying now, sure