Talk:Xkcd

Link to "xkcd sucks"
Many articles on this website are critical of and even insulting towards their subjects. I included a link to "xkcd sucks" because it's relevant to xkcd. TheLateGatsby (talk) 04:17, 6 August 2012 (UTC)
 * xkcd explained was better. I sometimes needed it to even understand the joke as "nerd references" are lost on this nerd. But +1 for keep the link. Pi 3:14 (talk) 06:37, 6 August 2012 (UTC)

The gallery
"Figure 1"??? Really?--ZooGuard (talk) 07:57, 29 June 2013 (UTC)
 * A gallery is a horrible way to present them when there are only three images & they are unreadable at that scale. 09:20, 29 June 2013 (UTC)

Climate Change
We should also include the fact that Randall is critical of climate-change denialism, and that is referenced in comics 164, 887, 1225, and, most recently, 1321.
 * Alrightythen. Zero (talk) 20:28, 27 January 2014 (UTC)

Additionally, as evidenced by Randall's January 2008 blag (not a typo) entry, Randall supports Obama for president, and, based on all the evidence, is most likely a liberal. I included it in this section because I think it should be added to the Topics Covered section.

Intro section
Not a major issue, but I stumbled slightly over "...from the perspective of an introverted geek — the same perspective shared by most of the target audience." Isn't that a bit of an assumption? If we mean 'target audience' as the audience that Randall has in mind, then there should probably be a reference; if it's more 'target audience' in the sense of who actually reads them, it's probably wider than you imagine. No biggie though. Worm (talk) 09:47, 9 March 2015 (UTC)

Argumentum ad xkcd
I've removed the criticism of "correct horse battery staple", as it seems to be a misunderstanding... The comic does pick four words at random, which in the example gives ~44 bits of entropy, which means an attacker cannot do better than 2^44 guesses - this assumes that the attacker is using a "combinator attack". The contrary examples of "howdoyouthink!", "momof3g8kids", and "ilovemySister31" are clearly not four dictionary words picked at random; they can be cracked in less than 2^44 attempts because they are each little better than one dictionary word. Toad Chavez (talk) 15:22, 2 November 2015 (UTC)
 * It's not "wrong", it's simplistic and misses the reality of passwords and how people work with them. People are really piss-poor random generators for this sort of thing. There is a difference in what people "should" do, and what people "actually" do.
 * Given that the average vocabulary size is about 20k to 35k, the cracking would be about 231 to 2170 days (using the 8 billion/second from the Ars article, which is a few years old, so it's probably more now). The 231 days is probably okay for most things, but probably not for everything (especially long-term stuff). If we reduce the word list to just 10k, we end up with a cracking time of just 14 days.
 * The obvious solution to this is to add more words, 5 words already gives us ~400 years, and 6 gives 4 million years.
 * But at this point we must wonder whether the passwords are still mnemonic... Not all 5 random words from a dictionary are (even "correct horse battery staple" isn't, as such, IMHO).
 * This is why Schneier's scheme is better, it dramatically lengthens the passphrase.
 * Of course, the best way is probably still using a good password manager... Carpetsmoker (talk) 22:57, 16 December 2015 (UTC)
 * See also https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength with rebuttals to Schneier's straw man


 * It should be removed. My edit was reverted because the section contains sources, but none of the sources support what is said here. They're just descriptions of some password cracking techniques.


 * Yes, it's a simplification, of course it is, it's from a webcomic. Yes you should use more than 4 words, be suspicious of the human ability to generate randomness, assume word usage follows a Pareto distribution. And yes a password generator is generally preferable. But the general argument is valid and as valid now as it was in the past.


 * The only really important question is about the most efficient way for a human to memorise the most entropy possible. And it turns out that way is language. That's what the guys reciting 1000's of digits of pi do, they tell themselves stories about it. The facts that we are bad at generating randomness and that people have bad security habits are true whether or not they use this method. When you force them to have numbers and caps they use azerty1A.


 * Compared to XKCD's method, Schneier's is just slower to type and has reduced entropy. If you bother to remember a full sentence why not directly use it as the password?
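
Added example, not part of the talk-page discussion: the arithmetic behind the cracking-time figures quoted in the thread above (full keyspace at the quoted 8 billion guesses/second), together with word selection done by the OS CSPRNG instead of a human. The function names and the short SAMPLE_WORDS list are constructed for illustration; the 2048-word list size is an assumption matching the comic's 11 bits per word.

```python
import math
import secrets

GUESSES_PER_SECOND = 8e9   # rate quoted in the thread (Ars article figure)
SECONDS_PER_DAY = 86_400

# Constructed sample list; a real deployment uses a list of thousands of words.
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dagger", "ember", "fossil",
                "glacier", "harbor", "island", "jungle", "kettle", "lantern",
                "meadow", "nickel", "orchard", "pebble"]

def entropy_bits(wordlist_size, n_words):
    """Entropy when every word is drawn uniformly and independently."""
    return n_words * math.log2(wordlist_size)

def worst_case_days(wordlist_size, n_words, rate=GUESSES_PER_SECOND):
    """Days to try every combination; the average case is half of this."""
    return wordlist_size ** n_words / rate / SECONDS_PER_DAY

def words_needed(wordlist_size, target_days, rate=GUESSES_PER_SECOND):
    """Smallest word count whose full keyspace lasts at least target_days."""
    n = 1
    while worst_case_days(wordlist_size, n, rate) < target_days:
        n += 1
    return n

def generate_passphrase(wordlist, n_words):
    """Choose words with the OS CSPRNG so the entropy estimate actually holds."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words shrink the real keyspace")
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

if __name__ == "__main__":
    print(f"2048-word list, 4 words: {entropy_bits(2048, 4):.0f} bits")
    for size in (10_000, 20_000, 35_000):
        print(f"{size} words x 4: {worst_case_days(size, 4):.0f} days")
    years = worst_case_days(10_000, 5) / 365.25
    print(f"10000 words x 5: {years:.0f} years")
    print("words for 100 years (10k list):", words_needed(10_000, 36_525))
    print("sample:", generate_passphrase(SAMPLE_WORDS, 4))
```

The estimates only apply when the words come from a uniform random draw such as `generate_passphrase`; a phrase a person makes up has no guaranteed lower bound.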

XKCD did commit a heresy
They have a bitcoin address at the bottom of their site!!--Arisboch ☞✍☜☞✉☜ ∈)☼(∋ 22:23, 3 November 2015 (UTC)

Correct horse battery staple
"and should corrupt a few words (such as "bad" capitalization or deliberate misspelling)." Wait, this is wrong really, as the very point of the comic was to illustrate how adding one more dictionary word chosen at random has the same effect of increasing entropy as introducing a couple misspellings/number substitutions, while being way easier to remember. So this advice totally misses the great underlying point of the comic. 91.153.232.41 (talk) 08:46, 15 March 2022 (UTC)
 * Finally a BoN I can agree on. I'll probably rewrite that part, but not entirely remove criticism of that comic. 13:42, 15 March 2022 (UTC)