On Sun, 19 Feb 2023 23:10:30 -0000, Alan Browne <bitbucket@blackhole.com> wrote:

> On 2023-02-19 17:56, Chris wrote:
>> Alan Browne <bitbucket@blackhole.com> wrote:
>>> On 2023-02-18 08:35, Mr. Man-wai Chang wrote:
>>>> On 18/2/2023 7:25 am, Alan Browne wrote:
>>>>>
>>>>> Not in the dictionary much.
>>>>>
>>>>> Back in the 80s or 90s we needed to unzip a file after an engineer left
>>>>> the co.
>>>>>
>>>>> Another engineer used a dictionary attack. Got nowhere.
>>>>> Then asked "who was the engineer anyway?"
>>>>> "Eric"
>>>>> He switched to a Hebrew dictionary and the zip file was opened
>>>>> quickly... (Hebrew rendered in the English alphabet).
>>>>
>>>> It's still a dictonary hack, using a human languagte called Hebrew! :)
>>>>
>>>> The other method is of course using the characteristic of ASCII/EBCDIC!
>>>> That is, try "a", "b", "c", ... "aa", "ab", "ac", "ad", .... This
>>>> method will definitely work, but needs time! ;)
>>>
>>> That was back then - since then people have learned (I hope) to use real
>>> passwords such as the one I put up.
>>
>> Many do and many don't.
>>
>> As long as people need to type in passwords they aren't going to use long
>> and complicated strings.
>
> Either use a password manager (as I do) or become clever in the
> composition of the passwords. So earlier I posted a pretty random one
> appropriate to a password manager.
>
> Alternately strong passwords that are memorable can look something like:
>
> merrY$penGuin@2four78

Why make it memorable? (Not that I'd ever remember what you just chose) I just save them all in a text file, and also let the browser remember them. If someone breaks into my house the last thing I'd care about is getting into some online accounts.

It happens that Commander Kinsey formulated :
> On Sun, 19 Feb 2023 05:54:34 -0000, Mr. Man-wai Chang
> <toylet.toylet@gmail.com> wrote:
>
>> On 19/2/2023 1:18 am, FromTheRafters wrote:
>>>
>>> Modified Brute Force attack.
>>>
>>> Twice Modified Brute Force attack.
>>>
>>> Brute Force attack.
>>
>>
>> People might not know the meaning of "brute force". Picking phyical
>> locks might be easier to understand. :)
>
> Everybody knows what brute force is.

A cryptography 'jargon' term for an exhaustive key search.

On 3/1/2023 3:32 PM, Commander Kinsey wrote:
> On Sat, 18 Feb 2023 13:35:15 -0000, Mr. Man-wai Chang
> <toylet.toylet@gmail.com> wrote:

>>
>> It's still a dictonary hack, using a human languagte called Hebrew! :)
>
> They're not human.
>

Really? If you think that then nobody is and since a lot of the computer
hardware and code was developed by them you should not be using any of it.

On Mon, 20 Feb 2023 20:04:47 -0000, J. J. Lodder <nospam@de-ster.demon.nl> wrote:

> Alan Browne <bitbucket@blackhole.com> wrote:
>
>> On 2023-02-20 07:33, J. J. Lodder wrote:
>> > mechanic <mechanic@example.net> wrote:
>> >
>> >> On Sun, 19 Feb 2023 22:56:10 -0000 (UTC), Chris wrote:
>> >>
>> >>> As long as people need to type in passwords they aren't going to
>> >>> use long and complicated strings.
>> >>
>> >> No excuse!
>> >
>> > And long passwords need not be difficult.
>> > 1RoseByAnyOtherNameWillSmellAsSweet!
>> > will be just fine,
>>
>> Good, but insert a few numbers/spec chars in the middle too ... along
>> with a misspelled word and caps in the "wrong" places ... and it will be
>> as good as random where a dictionary+brute force attack occurs.
>
> Most sites insist nowadays on at least one digit,
> one capitalised letter, and one special sign.
> My example complies,

The insistance is irritating. I make a nice easy to remember password to use everywhere, then along comes a place with yet one more requirement. If you have a different password for every single thing, people have to write them down, and there goes security. Mine are all in an unencrypted text file. I've seen them on postit notes on the side of people's monitors.

Eye scanning is maybe better, then again I recently watched a TV program where they unlocked a phone using face recognition by aiming it at the sleeping person's face.

On Mon, 20 Feb 2023 15:00:46 -0000, Mr. Man-wai Chang <toylet.toylet@gmail.com> wrote:

> On 20/2/2023 8:42 pm, Chris wrote:
>>
>> At work one time, I set up my password as a 25 character random string via
>> my password manager which was great until they decided to sync the network
>> password with the local password on my machine. So when when I needed to
>> login after a reboot or screensaver kicks in I had to type it in manually.
>
> You should use your brain to memorize all 25-character random strings. :)

Our brains are pretty shit really.

I can still remember the 16 digit debit card number from one I had in 1994. But I can't remember any after that. And I could never remember the 3 digit security code!

On Mon, 20 Feb 2023 20:04:48 -0000, J. J. Lodder <nospam@de-ster.demon.nl> wrote:

> Mr. Man-wai Chang <toylet.toylet@gmail.com> wrote:
>
>> On 20/2/2023 8:42 pm, Chris wrote:
>> >
>> > At work one time, I set up my password as a 25 character random string via
>> > my password manager which was great until they decided to sync the network
>> > password with the local password on my machine. So when when I needed to
>> > login after a reboot or screensaver kicks in I had to type it in manually.
>>
>> You should use your brain to memorize all 25-character random strings.. :)
>
> No problem with that at all, for me.
> The problem is memorising a few particular ones,

Are you telling me you can remember something like £Q%HarbE^7jaerH$j4w6j?

On Thu, 23 Feb 2023 10:15:03 -0000, Joerg Lorenz <hugybear@gmx.ch> wrote:

> Am 23.02.23 um 09:10 schrieb Commander Kinsey:
>> On Wed, 15 Feb 2023 17:09:44 -0000, Paul <nospam@needed.invalid> wrote:
>>
>>> On 2/15/2023 11:13 AM, Tim Slattery wrote:
>>>> "Commander Kinsey" <CK1@nospam.com> wrote:
>>>>
>>>>> Trying to get into a password protected zip. Got three instances of a free password cracker (Stella Data Recovery) running for the last handful of hours trying three different methods (they only use 1 core each). Still not got in. I find it hard to believe zips are that tightly sealed.
>>>>
>>>> The ZIP format was created for data compression, not security. Since
>>>> then password protection has been added to it. I guess it would be as
>>>> strong or weak as any other encrypted format.
>>>
>>> The export laws on crypto, historically had a chilling effect
>>> on crypto strength.
>>
>> No government can stop me encrypting how I wish, then sending it to anyone in any country.
>
> Sure. But you will be blacklisted and not allowed to fly anymore.
> Your next parking ticket is your death sentence ... :-D
>
> America is as totalitarian as Russia or China.
> But many Americans think they live in a free country.
>
> *ROTFLSTC*.

Then you disguise who you are when you send it.

On Thu, 23 Feb 2023 10:18:11 -0000, Paul <nospam@needed.invalid> wrote:

> On 2/23/2023 3:10 AM, Commander Kinsey wrote:
>> On Wed, 15 Feb 2023 17:09:44 -0000, Paul <nospam@needed.invalid> wrote:
>>
>>> On 2/15/2023 11:13 AM, Tim Slattery wrote:
>>>> "Commander Kinsey" <CK1@nospam.com> wrote:
>>>>
>>>>> Trying to get into a password protected zip. Got three instances of a free password cracker (Stella Data Recovery) running for the last handful of hours trying three different methods (they only use 1 core each). Still not got in. I find it hard to believe zips are that tightly sealed.
>>>>
>>>> The ZIP format was created for data compression, not security. Since
>>>> then password protection has been added to it. I guess it would be as
>>>> strong or weak as any other encrypted format.
>>>
>>> The export laws on crypto, historically had a chilling effect
>>> on crypto strength.
>>
>> No government can stop me encrypting how I wish, then sending it to anyone in any country.
>>
>>> And to some extent, that hasn't changed.
>>> It's only when it impacts the competitiveness of a country,
>>> that it stops.
>>>
>>> It used to be "you stop it before it happens" was how
>>> you handled crypto. Today, it's the usage of rubber hoses
>>> which is the preferred method (the TrueCrypt mystery,
>>> and legislative attempts to build backdoors).
>>>
>>> When ZIP was invented, elliptic curve didn't exist. But
>>> there were still likely to have been methods which signal
>>> you are using the "tough" version. Using a weak-as-piss
>>> method ensures your product can be Exported.
>>>
>>> The same kinds of things happened on PDF format.
>>>
>>> And the old protection on ZIP is so weak, if Google wants to,
>>> they can scan ZIP attachments in GMail with that protection method,
>>> in "real time". You can't have a much weaker crypto than that.
>>> It's no barrier at all.
>>>
>>> The newer method on the other hand, is more of an impediment.
>>>
>>> Even the encryption on 7Z has had the odd issue, but these
>>> implementation details have been corrected.
>>
>> Isn't 7zip just a zip program, using the same standards as any other?
>
> Just as RAR has a custom compressor (and charges money for it),
> 7ZIP has a custom compressor (7z) and it is free.
>
> I think these are arithmetic compressors, similar to LZMA, but
> you'll probably find a wikipedia entry with the details.
>
> The other thing it has, is a pre-processor. There is a method
> for re-encoding EXE files, and if 7Z senses EXE files, it passes
> the data through the pre-processor, before the main 7Z compression
> step runs.
>
> 7ZIP has multithreaded compression and multithreaded decompression.
> By using all the cores, the slow LZMA-like method is delivered at
> moderate speed.

Everything should be multithreaded, we've had multicore CPUs for donkey's years.

> To compress a hard drive full of data with 7Z, costs about $1 worth
> of electricity. Just to give some idea, that certain computing things
> do cost real money. A machine can grind for most of the day,
> compressing a disk drive.

Does it cost much to have a drive compressed by Windows? Every time you read and write you're using the processor. But less of the drive motor and the wear on it.

> Some of the other compressors built into 7Z, are not multicore.
> The winZIP compressor is probably not running on multiple cores.
>
> PIGZ is a parallel version of GZIP. It uses multiple cores during
> compression, but only one core during decompression. And the
> multiple cores, may have a limit. Whereas 7ZIP can use all your
> cores for .7z .
>
> On Win10 or Win11, you set the thread count to 2x as many as
> the CPU. A CPU with 6C 12T, you set the thread count to 24,
> so that the 12 virtual cores are well-loaded. This helps keep
> the CPU usage bar at 100%. If you set the thread count to 12
> (one per virtual core), it only runs at about 80% or so.
> Since the dictionary size for Ultra mode is 600MB per thread,
> 24*600 = close to 16GB of RAM. So if you want to make your
> CPU as hot as possible, you need sufficient RAM for all the
> threads of execution to use.

Doing that might overload the caches and slow it down.

> And then, when 7ZIP is finished all that mumbo-jumbp, it
> can do a pass of AES256 and encrypt the output blocks.
> Encryption is done after compression, because encrypted
> data does not compress. That's how you can tell the
> quality of encryption, if it does not compress and
> the file becomes smaller.

On Thu, 23 Feb 2023 12:45:18 -0000, Shinji Ikari <shinji@gmx.net> wrote:

> Hello.
>
> "Commander Kinsey" <CK1@nospam.com> schrieb
>
>> On Tue, 14 Feb 2023 18:45:46 -0000, Shinji Ikari <shinji@gmx.net> wrote:
>>> "Commander Kinsey" <CK1@nospam.com> schrieb
>>>> On Tue, 14 Feb 2023 15:36:51 -0000, FromTheRafters <FTR@nomail.afraid.org> wrote:
>>>>> Commander Kinsey explained on 2/14/2023 :
>>>>>> Trying to get into a password protected zip. Got three instances of a free
>>>>>> password cracker (Stella Data Recovery) running for the last handful of hours
>>>>>> trying three different methods (they only use 1 core each). Still not got
>>>>>> in. I find it hard to believe zips are that tightly sealed.
>>>>> 256 bit encryption is pretty strong.
>>>>> What was used to encrypt it?
>>>> Is there not a standard for all zips?
>>> I don't think so, because zip can be produced by a variety of
>>> software.
>> But it's all compatible. If you create it with 7zip, I can open int with winzip.
>
> Yes, but only, if the unpacking ZIP compatible programm can use the
> same en-/decryption used while packing it.
>
>>>> I remember from the 90s when zips were a new thing, it was a laugh they could easily be opened.
>>> Well, that ist only 30 years ago, there was a 'tiny' step forward in
>>> zip files.
>> So I couldn't open a modern zip with the 1st version of pkunzip?
>
> if it is encrypted with an never encrytion method, that pkunzip does
> not know of: yes, then you can not get the data inside of the ZIP file
> with a to old pkunzip versoion.

I do remember them adding extra methods even back in the DOS versions. There was exploding and imploding.

On Wed, 01 Mar 2023 21:49:12 -0000, FromTheRafters <FTR@nomail.afraid.org> wrote:

> It happens that Commander Kinsey formulated :
>> On Sun, 19 Feb 2023 05:54:34 -0000, Mr. Man-wai Chang
>> <toylet.toylet@gmail.com> wrote:
>>
>>> On 19/2/2023 1:18 am, FromTheRafters wrote:
>>>>
>>>> Modified Brute Force attack.
>>>>
>>>> Twice Modified Brute Force attack.
>>>>
>>>> Brute Force attack.
>>>
>>>
>>> People might not know the meaning of "brute force". Picking phyical
>>> locks might be easier to understand. :)
>>
>> Everybody knows what brute force is.
>
> A cryptography 'jargon' term for an exhaustive key search.

I thought Mr. Man-wai Chang meant people might not know the everyday phrase.

On Wed, 01 Mar 2023 22:31:12 -0000, Zaidy036 <Zaidy036@air.isp.spam> wrote:

> On 3/1/2023 3:32 PM, Commander Kinsey wrote:
>> On Sat, 18 Feb 2023 13:35:15 -0000, Mr. Man-wai Chang
>> <toylet.toylet@gmail.com> wrote:
>
>>>
>>> It's still a dictonary hack, using a human languagte called Hebrew! :)
>>
>> They're not human.
>>
>
> Really? If you think that then nobody is

They're a different species (biological fact).

> and since a lot of the computer
> hardware and code was developed by them you should not be using any of it.

The hacker code perhaps.

on 3/12/2023, Commander Kinsey supposed :
> On Wed, 01 Mar 2023 21:49:12 -0000, FromTheRafters <FTR@nomail.afraid.org>
> wrote:
>
>> It happens that Commander Kinsey formulated :
>>> On Sun, 19 Feb 2023 05:54:34 -0000, Mr. Man-wai Chang
>>> <toylet.toylet@gmail.com> wrote:
>>>
>>>> On 19/2/2023 1:18 am, FromTheRafters wrote:
>>>>>
>>>>> Modified Brute Force attack.
>>>>>
>>>>> Twice Modified Brute Force attack.
>>>>>
>>>>> Brute Force attack.
>>>>
>>>>
>>>> People might not know the meaning of "brute force". Picking phyical
>>>> locks might be easier to understand. :)
>>>
>>> Everybody knows what brute force is.
>>
>> A cryptography 'jargon' term for an exhaustive key search.
>
> I thought Mr. Man-wai Chang meant people might not know the everyday phrase.

That very well may be. I put it back in context.

On 13/03/2023 11:25, FromTheRafters wrote:
> on 3/12/2023, Commander Kinsey supposed :
>> On Wed, 01 Mar 2023 21:49:12 -0000, FromTheRafters
>> <FTR@nomail.afraid.org> wrote:
>>
>>> It happens that Commander Kinsey formulated :
>>>> On Sun, 19 Feb 2023 05:54:34 -0000, Mr. Man-wai Chang
>>>> <toylet.toylet@gmail.com> wrote:
>>>>
>>>>> On 19/2/2023 1:18 am, FromTheRafters wrote:
>>>>>>
>>>>>> Modified Brute Force attack.
>>>>>>
>>>>>> Twice Modified Brute Force attack.
>>>>>>
>>>>>> Brute Force attack.
>>>>>
>>>>>
>>>>> People might not know the meaning of "brute force". Picking phyical
>>>>> locks might be easier to understand. :)
>>>>
>>>> Everybody knows what brute force is.
>>>
>>> A cryptography 'jargon' term for an exhaustive key search.
>>
>> I thought Mr. Man-wai Chang meant people might not know the everyday
>> phrase.
>
> That very well may be. I put it back in context.

Did you tech THIS fellow?

https://youtu.be/EpBWFF8i_gc

Oops!

> Did you teach THIS fellow?
>
> https://youtu.be/EpBWFF8i_gc

On Mon, 13 Mar 2023 11:54:56 -0000, David Brooks <DavidB@nomail.afraid.org> wrote:

> On 13/03/2023 11:25, FromTheRafters wrote:
>> on 3/12/2023, Commander Kinsey supposed :
>>> On Wed, 01 Mar 2023 21:49:12 -0000, FromTheRafters
>>> <FTR@nomail.afraid.org> wrote:
>>>
>>>> It happens that Commander Kinsey formulated :
>>>>> On Sun, 19 Feb 2023 05:54:34 -0000, Mr. Man-wai Chang
>>>>> <toylet.toylet@gmail.com> wrote:
>>>>>
>>>>>> On 19/2/2023 1:18 am, FromTheRafters wrote:
>>>>>>>
>>>>>>> Modified Brute Force attack.
>>>>>>>
>>>>>>> Twice Modified Brute Force attack.
>>>>>>>
>>>>>>> Brute Force attack.
>>>>>>
>>>>>>
>>>>>> People might not know the meaning of "brute force". Picking phyical
>>>>>> locks might be easier to understand. :)
>>>>>
>>>>> Everybody knows what brute force is.
>>>>
>>>> A cryptography 'jargon' term for an exhaustive key search.
>>>
>>> I thought Mr. Man-wai Chang meant people might not know the everyday
>>> phrase.
>>
>> That very well may be. I put it back in context.
>
> Did you tech THIS fellow?
>
> https://youtu.be/EpBWFF8i_gc

Fucking hell, that beats any other one I've seen.

On 19/03/2023 21:19, Commander Kinsey wrote:
> On Mon, 13 Mar 2023 11:54:56 -0000, David Brooks
> <DavidB@nomail.afraid.org> wrote:
>
>> On 13/03/2023 11:25, FromTheRafters wrote:
>>> on 3/12/2023, Commander Kinsey supposed :
>>>> On Wed, 01 Mar 2023 21:49:12 -0000, FromTheRafters
>>>> <FTR@nomail.afraid.org> wrote:
>>>>
>>>>> It happens that Commander Kinsey formulated :
>>>>>> On Sun, 19 Feb 2023 05:54:34 -0000, Mr. Man-wai Chang
>>>>>> <toylet.toylet@gmail.com> wrote:
>>>>>>
>>>>>>> On 19/2/2023 1:18 am, FromTheRafters wrote:
>>>>>>>>
>>>>>>>> Modified Brute Force attack.
>>>>>>>>
>>>>>>>> Twice Modified Brute Force attack.
>>>>>>>>
>>>>>>>> Brute Force attack.
>>>>>>>
>>>>>>>
>>>>>>> People might not know the meaning of "brute force". Picking phyical
>>>>>>> locks might be easier to understand. :)
>>>>>>
>>>>>> Everybody knows what brute force is.
>>>>>
>>>>> A cryptography 'jargon' term for an exhaustive key search.
>>>>
>>>> I thought Mr. Man-wai Chang meant people might not know the everyday
>>>> phrase.
>>>
>>> That very well may be. I put it back in context.
>>
>> Did you teach THIS fellow?
>>
>> https://youtu.be/EpBWFF8i_gc
>
> Fucking hell, that beats any other one I've seen.

Pure fun! 😃

On 20/02/2023 20:04, J. J. Lodder wrote:
> Alan Browne <bitbucket@blackhole.com> wrote:
>
>> On 2023-02-20 07:33, J. J. Lodder wrote:
>>> mechanic <mechanic@example.net> wrote:
>>>
>>>> On Sun, 19 Feb 2023 22:56:10 -0000 (UTC), Chris wrote:
>>>>
>>>>> As long as people need to type in passwords they aren't going to
>>>>> use long and complicated strings.
>>>>
>>>> No excuse!
>>>
>>> And long passwords need not be difficult.
>>> 1RoseByAnyOtherNameWillSmellAsSweet!
>>> will be just fine,
>>
>> Good, but insert a few numbers/spec chars in the middle too ... along
>> with a misspelled word and caps in the "wrong" places ... and it will be
>> as good as random where a dictionary+brute force attack occurs.
>
> Most sites insist nowadays on at least one digit,
> one capitalised letter, and one special sign.
> My example complies,

I often seem to manage to pick the one special character that isn't
allowed! Then the website doesn't tell me what's wrong, it just repeats
what it already told me, something like "your password must include at
least 8 characters including one lowercase letter, one uppercase letter,
one digit, and one special character or punctuation symbol".

--
Brian Gregory (in England).

J. J. Lodder <nospam@de-ster.demon.nl> wrote:
> Alan Browne <bitbucket@blackhole.com> wrote:
>
>> On 2023-02-20 07:33, J. J. Lodder wrote:
>>> mechanic <mechanic@example.net> wrote:
>>>
>>>> On Sun, 19 Feb 2023 22:56:10 -0000 (UTC), Chris wrote:
>>>>
>>>>> As long as people need to type in passwords they aren't going to
>>>>> use long and complicated strings.
>>>>
>>>> No excuse!
>>>
>>> And long passwords need not be difficult.
>>> 1RoseByAnyOtherNameWillSmellAsSweet!
>>> will be just fine,
>>
>> Good, but insert a few numbers/spec chars in the middle too ... along
>> with a misspelled word and caps in the "wrong" places ... and it will be
>> as good as random where a dictionary+brute force attack occurs.
>
> Most sites insist nowadays on at least one digit,
> one capitalised letter, and one special sign.
> My example complies,

Many (increasingly?) sites have ridiculously low length limits as well. A
recent one was 8 characters, but often it's around 20. Your example
wouldn't work there.

That's why I gave up on an "internal algorithm" as I had to either have
several or make it as weak as the worst site.

Now I use a password manager.

Brian Gregory <void-invalid-dead-dontuse@email.invalid> wrote:

> On 20/02/2023 20:04, J. J. Lodder wrote:
> > Alan Browne <bitbucket@blackhole.com> wrote:
> >
> >> On 2023-02-20 07:33, J. J. Lodder wrote:
> >>> mechanic <mechanic@example.net> wrote:
> >>>
> >>>> On Sun, 19 Feb 2023 22:56:10 -0000 (UTC), Chris wrote:
> >>>>
> >>>>> As long as people need to type in passwords they aren't going to
> >>>>> use long and complicated strings.
> >>>>
> >>>> No excuse!
> >>>
> >>> And long passwords need not be difficult.
> >>> 1RoseByAnyOtherNameWillSmellAsSweet!
> >>> will be just fine,
> >>
> >> Good, but insert a few numbers/spec chars in the middle too ... along
> >> with a misspelled word and caps in the "wrong" places ... and it will be
> >> as good as random where a dictionary+brute force attack occurs.
> >
> > Most sites insist nowadays on at least one digit,
> > one capitalised letter, and one special sign.
> > My example complies,
>
>
> I often seem to manage to pick the one special character that isn't
> allowed! Then the website doesn't tell me what's wrong, it just repeats
> what it already told me, something like "your password must include at
> least 8 characters including one lowercase letter, one uppercase letter,
> one digit, and one special character or punctuation symbol".

I've found some sites don't accept the question mark,

Jan

On Mon, 20 Mar 2023 13:51:31 -0000, J. J. Lodder <nospam@de-ster.demon.nl> wrote:

> Brian Gregory <void-invalid-dead-dontuse@email.invalid> wrote:
>
>> On 20/02/2023 20:04, J. J. Lodder wrote:
>> > Alan Browne <bitbucket@blackhole.com> wrote:
>> >
>> >> On 2023-02-20 07:33, J. J. Lodder wrote:
>> >>> mechanic <mechanic@example.net> wrote:
>> >>>
>> >>>> On Sun, 19 Feb 2023 22:56:10 -0000 (UTC), Chris wrote:
>> >>>>
>> >>>>> As long as people need to type in passwords they aren't going to
>> >>>>> use long and complicated strings.
>> >>>>
>> >>>> No excuse!
>> >>>
>> >>> And long passwords need not be difficult.
>> >>> 1RoseByAnyOtherNameWillSmellAsSweet!
>> >>> will be just fine,
>> >>
>> >> Good, but insert a few numbers/spec chars in the middle too ... along
>> >> with a misspelled word and caps in the "wrong" places ... and it will be
>> >> as good as random where a dictionary+brute force attack occurs.
>> >
>> > Most sites insist nowadays on at least one digit,
>> > one capitalised letter, and one special sign.
>> > My example complies,
>>
>>
>> I often seem to manage to pick the one special character that isn't
>> allowed! Then the website doesn't tell me what's wrong, it just repeats
>> what it already told me, something like "your password must include at
>> least 8 characters including one lowercase letter, one uppercase letter,
>> one digit, and one special character or punctuation symbol".
>
> I've found some sites don't accept the question mark,

I've never had symbols denied. I have had a space in my username denied though.

To pick a password, I tap the shift key with one hand, while mashing the letters and numbers with the other, so I get something like E^J*4^JHd6u.

Then when I go to copy and paste it from my text file of passwords, I come back to the website and find a red marker saying I'm an idiot for not entering the password. Either that or I fill in the form in the order I think of things, and it gets very upset saying I forgot the other thing, just because I dared to enter my name first. Or I fill everything in, press ok, then it complains the captcha which hadn't loaded yet hadn't been filled in, then it removes the password I entered, so when I fill in the captcha, it's still annoyed. Web designers are morons.