Luc

Size matters… but only to a certain point! I’ve cracked longer ones from e.g. the LinkedIn password dump for a school project

The reason this works is because they’re not random characters. People use 111111(etc.) as password (perhaps because it’s funny), repetitions of shorter passwords, a phrase that can be found on Wikipedia or elsewhere (“Maryhadalittlelamb” — for some reason people always remove the spaces, even if they write it down with spaces on paper when putting e.g. the WiFi password on a whiteboard! Drives me mad), words optionally with leet$p3ak (words are about half as random per character as random characters are, and that’s assuming people would pick entirely random words), and other predictable things

The number of characters is thus rather meaningless for the password strength, besides calculating a lower bound

I’d say:

1. Use a randomly generated password. Memorise only a few, like for your disk encryption, password manager, bank login, and probably a few others. It’s a bit more difficult than memorising a mobile phone number but not by much
2. Make sure it’s random enough, usually measured in bits. More is better, I forgot what we expect a (non-quantum) computer to be able to do exactly in 20 years but it’s on the order of 80 bits, which would be ceil(log(2^(80))/log(26+26+10))=14 characters when you use lowercase letters, uppercase letters, and digits, or ceil(log(2^(80))/log(6667))=7 Diceware words if I remember correctly that the dictionary contains 6667 words. Adjust to the character set or dictionary you use and the desired strength
3. Use it regularly. You’ll forget ones you’ve not used for several months. Don’t want that to happen to my 2FA token backup, for example. If you don’t naturally use them regularly, set reminders to check it, or store the password in a safe place if possible (offline, and perhaps look into secret sharing schemes for this)

If you know something will use a strong password hashing function like Bcrypt or Argon2, especially if you can set a good number of rounds/memory to be used, the requirements can be relaxed but I find it easier to have a few definitely-secure passwords than to try to seek out the edge of what’s safe

When you use a TPM or HSM or whatever a given variant is called (like a smartcard), such that you can only do a limited number of attempts in the first place, a few digits may be enough for your needs (PIN code). Mobile phones and modern computers often have these, but they’re also often broken. Needs physical access though, so it again depends on what kind of threats you think are realistic for your situation

Do switch to Argon2 in LUKS, but not out of fear please. Know that your password is good based on the maths and then upgrade at leisure :)

The cross-section between high volume and easy to make

• Vegan replacement products? Easier to make than animals, but low volume so it’s more expensive than it needs to be (and often in a higher tax bracket, classified as candy or whatever)
• Eggs? Needs healthy animals
• Bananas are clones of each other. Might become an issue at some point, might not. Apples, too, but there’s many more variants
• Maize, tomatoes, potatoes? Grown by the bazillion, cheap, afaik needn’t be clones of each other to get (something close enough to) the desired product
• Rice? The pre-boiled stuff is afaik around the same price as the raw product, that’s how large the volumes are

Just as a small note just in case, since this data is quite irreplaceable: raid isn’t backup. Especially if the drives are of the same model, they’re fairly likely to fail at the same time. Speaking from experience sadly

I use restic for off-site backups, hosted with a friend

Eyeing the replies, does not one other person here get results constantly flooded with content farms? They’ve gotten significantly worse

But then, I don’t use Google so maybe this is still better than Google Search?

It started maybe three years ago, around the same time as LLMs became usable for this, but I’m pretty sure >50% are human-written still. Probably the LLM generates the structure (saves any time they’d have to spend coming up with plausible-sounding texts) and someone from a low-income country is contracted to make it look more legit

Of course, queries for topics that have a Wikipedia page get Wikipedia first, recipes get tons of big-name recipe sites, products get stores. But when there’s no obvious market around a topic, 3~4 out of 5 results are content farms pretending to have useful information to show unwary visitors ads

(As an alternative, I still have to try Kagi properly. It seemed on par with DDG when I did a few searches last year, but then their payment processor refused me trying to load my account, support was unhelpful, and I’ve gotten sidetracked since)

OpenStreetMap contributor here. What address format isn’t supported? Maybe I can help

Tried OpenStreetMap? Quality varies by country though

The fictional version of it is apparently named after soy and lent (the religious fasting thing, I guess), TIL. But the real-world version literally has meal replacement in the Wikipedia page title. Was looking for a reference from the creator stating their goal but Wikipedia said unreferenced (at the time that I wrote the Dutch translation in 2014) that it’s supposed to be nutritionally complete. The English page was shortened considerably since then, dunno why but this part is gone. That’s how it started and was marketed though, so that’s what makes it that by definition in my mind. If they’ve strayed from their raison d’être, idk what they are anymore

The definition of soylent is that it contains all nutrients you need. What’s the multivitamin pill for?

Well don’t leave us hanging