An actual "incorrect answer" in my exam paper.

Seriously 😑🙄😒😓
Why 5? 🤐

@gitpush WPA doesn’t even accept anything less than 6... probably that’s why 🤔

Explaination: Your teacher's password is all 6 characters.

@CozyPlanes 😂😂😂😂

Mine are 127 chars long...

@Alice utf 8 emojis? Lol that’s a new level 😂😂😂
Thanks for the idea 😎😎🤗🤗

@Electrux @Alice Even Google doesn't allow Unicode chars in passwords.

@retnikt
Well... apple has a max 32 char password limit... 😅😅

@Alice amen to that 😌😌😎😎

http://random-ize.com/how-long-to-h...

Just enter five letters lol

the only secure password is rofl1234

My passwort is _iam.toodumb2makepass.words07 is that secure?

Your teacher is retarded, tell them an /actual/ professional is calling them retarded.

This is why we can't have nice things. Fucking dumbasses teaching retarded shit.

@Electrux WPA requires a passphrase from 8 to 63 characters so that point is invalid.

But doesn't "more than 8" fit in "more than 5" ?

Your teacher looks like a scripted telemarketer that only knows what's inside his box and can't think outside.

So according to them, having passwords longer than 8 characters is literally not a feature of a strong password

@Alice
Breaking login systems and databases with fun and insane passwords is my thing 😄

"Sarah uses a password to access her router"

admin

@Gatgeagent

2.2665199981465703e+34 years

@Dimmerworld
Well it's immune to wap attacks 😀

Here's another professional calling your teacher an idiot.

Heres an idiot calling your teacher an idiot.

My router does not even allow me to use less than 8.
My router is also calling your teacher and idiot.

Oh fuck my password is longer than 8 chars long I should trim it to 6 to make it safe!

@Alice a 1024 character password with 1 (one) utf emoji

You guys are very quick to judge the teacher even without knowing the context or seeing the full test

@azous well "more than 5" includes 6, 7, 8 and "more than 8", so the answer is not full. Also I believe the recommendation is AT LEAST 8 characters not MORE THAN 8 characters.

I was also thinking (I have 0 experience with security, just simple thinking) that long passwords are more insecure than medium length ones? Considering passwords are hashed.

@ewpratten wait. Did you put your own password there?

@afrometal no.

@Gatgeagent I guess I’m okay...

@jobylie not anymore 😂

@sSam how would longer passwords be more insecure?

@huuugo In what situations would the teacher be correct? I've only come up with a few, very far-fetched scenarios, such as a not-pictured "translate this sentence from Hangul" or "write this exactly" -- but in either case, the advice is still poor.

@Root by putting on the test that they need to answer exactly like it was written in the book this can be graded false. if that wasn't written on it, then there is a pretty good case to have this answer counted as correct during review.

@Root if you have 64byte hash, you have only so many unique combinations. If your password is more than 64bytes it means that the hash for "abc123456" might be the same as the hash for your long password.

@sSam While the chance of collisions does increase with length, it's still remarkably low. You'd have to drastically increase password length (by thousands of characters or more) before they were common enough to be a concern.

Also, with expensive hashing algorithms, brute forcing isn't really a concern anyway. Rainbow tables help find collisions, but salting renders existing rainbow tables useless anyway, so you'd still need to generate those.

I guess the whole moral is: you should have just written "many Charakters"

@Root what do you mean the chance of collision is low? If the hash is 64bytes and your password is more than that there IS going to be a 64byte or less character combination whose hash will match your long password hash. There's no chance, it's guaranteed.

@Root if you have unique salt for each user building rainbow table has no use at all?

@sSam existing rainbow tables are useless since they weren't generated with salts / not your salts.

Also, I meant that while increasing password length increases the number of collisions, it would do so slowly. Sorry I wasn't clearer.

@Root yeah I get that, but trying first 64bytes will be enough for all passwords, not that it would take less than universe's life... My point is that having 30byte password will ensure you 30byte password. Whereas having 100byte password might give you a password between 1 and 64 bytes and you might not be that happy with 5byte password...

@sSam There should be a flat chance of collisions between 0 bits and max_input_size bits. Past that it's hard to say. Many hashing algos simply truncate the input, meaning collision chance would stay the same.

@Root OK yeah, I never thought about truncation. Guess the problem I was thinking about doesn't exist then.

@lavandysh I did. He's a great teacher and he gave me the mark, but he said that in a real exam, a "correct" answer would be the only accepted one so I wouldn't have got the mark. It's only one mark and it's the only question I got "wrong"

I have some bad news for you all: if a site has a password max length then it probably doesn't use one way hashes

Fire that teacher, 5 character passwords are so 1995.

It had too many characters.

@lavandysh There are times when the teachers know it’s wrong but has to pressure the students into giving strictly textbook answers. An example would be public exams marked by possibly markers who may not actually know the material. As impossible as that sounds, this actually happens in certain countries.

The school I was studying at did cut off validation after 8 chars. so 01234567 and 0123456789 is the same password for the system...

Also EA doesn't allow anything else than numbers and letters. Or at least they didn't last time I checked

Well, this is just the idiocy of our prehistoric education system

It would take a computer 53 decillion years to crack my password. That's azaming actually.

@whatevel or one keylog/database breach

@Alice non Keyboard ascii Symbols? Alt+3?