|
Main The Password Is Always Swordfish Discussion
There's a (possible) example from Rune Scape that may or may not count. If it does, I'm not sure if it counts as a Subversion or a reference. During the quest "The Hunt for the Red Raktuber" you are thrown in a jail cell and the only items you have to escape and sabotage the submarine are several different kinds of fish on a rack. The first part of this process is using an actual swordfish to pick your jail cell lock (this was a puzzle of finding out which fish to use). It's not a password, but comparing how reference heavy this quest series in Rune Scape is I doubt it wasn't an intentional reference to how often swordfish is a password.
Re: The Jet Alone's password in Neon Genesis Evangelion. First, the computer used to deactivate it is onboard the Jet Alone itself, in the middle of an incredibly radioactive room. There's a certain amount of security there. Second, the password wasn't MEANT to be all that secure (though let's face it, who would guess "hope" as a password on that thing?). It was more a symbolic thing, a statement of the Jet Alone being a new HOPE for the future.
There seem to be several entries on here that cannot be considered examples because they are good. I would argue that the musical password for the safe example from would actually be very good unless in the actual episode it was extremely easy to figure out the song chosen. This is also true for the Chrono Cross and Earthbound examples. Should there be a separate trope for unorthodox passwords like the examples I have listed?
The description of what a good Password makes is flawed at best.
The strength of a password can be calculated by the following formula:
(Number of characters in used alphabet, e.g. 52 for upper- and lowercase letters)^(length of password)
The result of the above represents how many different passwords an attacker would have to try to get the right one with 100% certainity, assuming he allready knew your alphabet and your password length.
The higher that number is, the better the password.
Now, a password like aK3_#Hö< is obviously better than a password like aksmeham, which prompted many people, including a disturbingly high number of wannabe specialists, to distribute the whole "the only secure password is one with numbers, mixed case letters and symbols" bull.
The fact is that you just have to make a password a bit longer than its W3ir_D counterpart and it will just be as secure, if not more. Compare the following two passwords:
kN4#`
kNeSpl
The first password (94^5 ~= 7.3 billions) is not even half as good as the second one (52^6 ~= 19.7 billions) and it is way harder to remember.
So in choosing good passwords, you should aim for length, not for special characters, numbers etc. (of course, in reality, 6 characters are too few, you should aim at 15-20)
Another wrong part in the article is that strung together phrases are weaker than random letters. This is true if you mean random letters of the same length as the words, but the way it's currently worded is that it's generally not good.
If you work with words, you have an "alphabet" that is as large as the number of words in your language and a password length that is equal to the number of words in your password.
(This is of course only true if a normal brute force attack wouldn't be faster than the dictionary one, which it would for a one-word-password like "is", but that's a detail)
Since the english language has about 170000 words in current use, a password like "swordfish" has a strenght of 170000^1 = 170000, which is so weak that a dictionary attack probably has it in less than a second.
yet, you can string random words together to an impressive length and still be able to remember it well (note: do not use real sentences. they're theoretically weaker because of the structure), even better that you would be able to remember a relatively short random mixed-case alphanumeric one.
Guess how many random words you would need to have a better password than "kN4#`". Two. yes, two words are enough.
cheeseironic is a better password than kN4#` (for both dictionary (eg trying word for word) and bruteforce (eg trying character for character) attack)
now, which of these is easier to remember, kN4#`, kNeSpl or cheeseironic?
Of course the third one.
(ch33seiron1c would, of course, be immensely better again than all three, because dictionary attacks on it would fail, improving it's strength from 170000^2 to 36^12, but then it would fall in the "normal" password territory at the top again, so that's beside the point here, which is that even strung together words can be strong passwords)
Moral of the story: Aim for length and don't be afraid to use normal words as long as you use several of them. All that random case, numbers, special characters etc just makes it hard to remember, prompting you to use too short passwords. Who would really go on and remember a 19-character mixed-case-alphanumeric password? nah, you go and use puny 8 characters ones, which are too short to really be secure, no matter what alphabet you use.
Now there's another problem that crops up way too often. Many services actually restrict your password length for some reason or another, so the stringing-words-together-approach fails, not because of its strength but because whoever made the form/program/etc with the too short pw field sucks. In my opinion, using as-long-as-allowed mixed-case passwords works best, no need for numbers and symbols.
I spare you other specifics like that most web forums use a 128 bit hash so passwords where alphabet^length > 2^128 make no sense etc.
Now, as you can see, if you bared with me, most of the article text doesn't make much sense, esp. calling a password that looks like cartoon-swearing a good one while condemning those that only contain characters, but as you also can see, I kinda suck at explaining that. Would be cool if someone who's better at explaining could update/correct the article
In the mid-1990s, I had just installed a high-end HP mini running Unix on a Friday, but the application software for it was to be installed the following Monday. So I installed the password cracking program Crack (see http://en.wikipedia.org/wiki/Crack_(password_software)
for a write-up) to have a run at the yypasswd (a distributed password file) file over the weekend.
When I came in Monday morning, I discovered that Crack had determined over two-thirds of the passwords. There were 6 accounts which had no password at all. Many of them fell to dictionary attack — there were users who had the word "password" and one or two who used "swordfish"; days of the week were popular for some reason. I am pleased to say that neither my password nor the root password were cracked.
I had a talk with my boss, who scheduled a meeting that afternoon with the Chief Information Officer and some other senior executives. I came out of that meeting with a new job, Unix Security Analyst. I spent the next month taking some courses, and after that a long time writing memos, procedure and standards documents and giving courses.
for a write-up) to have a run at the yypasswd (a distributed password file) file over the weekend.
When I came in Monday morning, I discovered that Crack had determined over two-thirds of the passwords. There were 6 accounts which had no password at all. Many of them fell to dictionary attack — there were users who had the word "password" and one or two who used "swordfish"; days of the week were popular for some reason. I am pleased to say that neither my password nor the root password were cracked.
I had a talk with my boss, who scheduled a meeting that afternoon with the Chief Information Officer and some other senior executives. I came out of that meeting with a new job, Unix Security Analyst. I spent the next month taking some courses, and after that a long time writing memos, procedure and standards documents and giving courses.
Replaced this:
With the current picture. Full disclosure, I am kind of Entry Pimping Archer at the moment but I really do think the new one illustrates the trope better.
With the current picture. Full disclosure, I am kind of Entry Pimping Archer at the moment but I really do think the new one illustrates the trope better.
I am less than persuaded. Honestly, even the general exchange from Horsefeathers only barely qualifies as this trope- the point of the gag isn't "the password is easy to guess"- it's the ludicrous verbal slapstick of the Marx Brothers we all know and love. This main reason the trope has this name is because it's heavily referenced as a classic password title- it has little to do directly with the trope, which is about guessing passwords.
The Marx Brothers image may be "more interesting", but that's only because it's a Visual Pun that has nothing to do with the trope. I'm puzzled that someone can not see the joke in the Archer image- you all do realize that this trope is about characters using easily guessed passwords like "Guest", "Password", or "123456789", right? I mean, just the fact that we can see the words he's typing onscreen and not asterisks is proof that the image is using the trope. Cripes, it's even a pun! That's, like a million tv tropes funny points!
On a related note, we need to work on the definition of Just A Face And A Caption, since people keep interpreting it literally. In the meantime, I've changed the picture back to the Archer image. Further discussion of this issue should take place in the image fixin'
forum, where a coherent consensus is more likely to be reached.
forum, where a coherent consensus is more likely to be reached.
Re: Lot R and the "mellon" password... correct me if I'm wrong, but isn't Moria a dwarven stronghold? The references to elvish make less sense in that context, IMHO.