• 0 Posts
  • 9 Comments
Joined 1 year ago
cake
Cake day: August 2nd, 2023

help-circle
  • For sim, I utilize iRacing to practice and learn tracks before real life amateur endurance races in champcar and lemons as well as track days.

    IMO iRacing physics are so good and the tracks are so well modeled that it’s a very effective learning tool. It’s the first sim since Live For Speed that really feels close enough to real life for me to forget I’m playing a sim.

    Plus traffic management and race craft are so crucially important in wheel to wheel racing & I simply don’t get any other opportunity to practice those.


  • I think I’m confused on your point.

    I interpreted your statement to mean “adding a requirement for certain types of characters will decrease the number of possible passwords compared to no requirements at all”, which is false. Even in your example above, with only two letters, no numbers / special characters allowed, requiring a capital letter decreases the possibilities back to the original 676 possible passwords - not less.

    Perhaps you’re trying to say that passwords should all require certain complexity, but without broadcasting the password requirements publicly? I suppose that’s a valid point, but I don’t think the tradeoff of time required to make that secure is worth the literal .000001% (I think I did the math right) improvement in security.



  • Provably false. That’s only true if the rules specify some really wacky requirements which I haven’t seen anywhere except in that one game about making a password.

    Think about it this way. If you have a password of maximum length two which only accepts lowercase letters, you have 26 choices for the first character & 26 for the next. Each of the 26 characters in the first spot can be combined with any of the 26 characters in the second spot, so 26 * 26 = 676 possible passwords.

    By adding uppercase letters (for a total of 52 characters to choose from), you get 52 * 52 = 2704 possible passwords. It increases significantly if you increase the length beyond two or can have more than just upper & lowercase letters.

    Computers have gotten so efficient at generating & validating passwords that you can try tens of thousands of passwords in a minute, exhausting every possible two-letter password in seconds starting with aa and ending with ZZ.

    The only way you would decrease the number of possible passwords is if you specified that the character in a particular spot had to be uppercase, but I’ve never seen a password picker say “your fourth character must be a lowercase letter”.


  • I agree - I do use passphrases in some critical cases which I don’t want to store in a password manager.

    However, I believe passphrases are theoretically more susceptible to sophisticated dictionary type attacks, but you can easily mitigate it by using some less-common 1337speak character replacements.

    Highly recommend a password manager though - it’s much easier to remember one or two complex master keyring passwords & the random generated passwords will easily satisfy any application’s complexity requirements.



  • That’s the ticket, IMO. I start off assuming they know, then pause to ask “are you familiar with x concept?”

    If they say yes and they really mean no, there’s really not a lot I can do. But it seems to make people feel at ease when talking to me - I don’t get called out for over explaining or infantalizing people this way.



  • In statistics, everything is based off probability / likelihood - even binary yes or no decisions. For example, you might say “this predictive algorithm must be at least 95% statistically confident of an answer, else you default to unknown or another safe answer”.

    What this likely means is only 26% of the answers were confident enough to say “yes” (because falsely accusing somebody of cheating is much worse than giving the benefit of the doubt) and were correct.

    There is likely a large portion of answers which could have been predicted correctly if the company was willing to chance more false positives (potentially getting studings mistakenly expelled).