@stevefoerster What would be nice would be to include the version with high entropy that humans have been demonstrated to actually be able to remember: diceware-style passwords (multiple words, e.g. like xkcd.com/936/ except you want more like 6-7 words these days)

@cwebber @stevefoerster this chart suggests XKCD is right. Even a 3 word passphrase takes like 10 times as long to crack as a gibberish password of 9 or 10 characters.

@msh @cwebber @stevefoerster Only if the attacker brute-forces character by character instead of word by word.

@Creideiki true, but it's still better to use passphrases.

4-word, English, all lowercase passphrase with single space word separators: 8.5 * 10^20 combinations of words. That is more than all the possible combinations of 10 printable ASCII characters (6.6 * 10^19), except easier to remember.

Factor in uppercase characters, punctuation (which dictionary attacks cannot find) and other languages and it's even better.

cwebber@octodon.social @stevefoerster
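Added example, not part of the thread: a Python sketch of the word-by-word attacker model raised above, which counts how many randomly chosen words are needed to match the thread's 10-printable-character keyspace and generates a passphrase with a CSPRNG. The 7776-word list size (standard diceware), the 96-symbol alphabet (implied by the 6.6 * 10^19 figure), the function names and the sample words are assumptions.

```python
import math
import secrets

PRINTABLE = 96        # alphabet size implied by the thread's 6.6 * 10^19 for 10 characters
DICEWARE_SIZE = 7776  # assumption: a standard diceware list holds 6^5 words


def words_needed(list_size: int, target_keyspace: int) -> int:
    """Fewest uniformly random words whose word-level keyspace reaches the target."""
    if list_size < 2:
        raise ValueError("word list needs at least two distinct words")
    count = 1
    while list_size ** count < target_keyspace:
        count += 1
    return count


def generate(wordlist, n_words: int):
    """Return (passphrase, bits of entropy against a word-by-word attacker)."""
    words = sorted(set(wordlist))  # duplicates would inflate the entropy estimate
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    # secrets draws from the OS CSPRNG; the estimate only holds for uniform picks
    phrase = " ".join(secrets.choice(words) for _ in range(n_words))
    return phrase, n_words * math.log2(len(words))


if __name__ == "__main__":
    target = PRINTABLE ** 10
    n = words_needed(DICEWARE_SIZE, target)
    print(f"10 printable characters: {math.log2(target):.1f} bits")
    print(f"diceware words needed to match: {n} "
          f"({n * math.log2(DICEWARE_SIZE):.1f} bits)")
    # Constructed sample list; far too small for real use.
    sample = ["correct", "horse", "battery", "staple",
              "anvil", "mosaic", "tundra", "velvet"]
    print(generate(sample, 6))
```

The entropy figure assumes the attacker knows the word list and the number of words, so it is a lower bound that does not depend on the attacker guessing character by character.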
