Something that you can actually remember

  • CarbonConscious [he/him]@hexbear.net
    2 months ago

    Ya know that’s what they say, but I’m not so sure - is your dictionary-based brute-forcer doing strings of three words together? Allowing for interspersed special characters between? The sheer character length of three truly random dictionary words in a row is already a staggeringly high amount of entropy - I’m not sure I need to be worried about an attacker capable of that kind of sheer number-buggery.

    • KnilAdlez [none/use name]@hexbear.net
      2 months ago

      I’m sure they are ever since this comic came out. It is a very large amount of entropy, but it is still far, far less than an equivalent amount of random characters. Honestly, you do you. If passwords are properly hashed and password attempts are not unlimited and as fast as possible, you’re basically fine.

      • CarbonConscious [he/him]@hexbear.net
        2 months ago

        Good info! And that’s exactly what I meant - a word is weak, but several randomized words together is pretty crazy strong. Slightly less than random letters, but much easier to type in and memorize when the situation calls for it.

    • chgxvjh [he/him, comrade/them]@hexbear.net
      2 months ago

      It’s about combinatorics.

      On your bike lock you have a 3-character code with an alphabet of 0-9. So 10^3 = 1000 possible combinations.

      If you pick 3 random words out of a dictionary with 40k words, there are 40000^3 possible combinations (64 000 000 000 000).

      Depending on how the password is hashed, a $1000 machine might be able to test anywhere from like 10 to 10 000 000 000 000 hashes per second. (100 billion hashes per second is more realistic.)

      So a 3 word password might be safe for a very very long time or cracked in seconds.

      A 4 word password will take 40000 times as long.
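
The combinatorics from the thread above, as an added Python example that is not part of any commenter's post. It uses the 40k-word dictionary and the hash rates quoted in the thread; the function names, the 95-symbol printable-ASCII alphabet and the one-year target are assumptions made for illustration, and every pick is assumed to be uniformly random with the attacker knowing the dictionary.

```python
import math

PRINTABLE_ASCII = 95  # assumption: alphabet used for "random characters"

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` independent uniform picks from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)

def exhaust_seconds(alphabet_size: int, length: int, hashes_per_second: float) -> float:
    """Worst-case time to try every combination at the given guess rate."""
    return alphabet_size ** length / hashes_per_second

def equivalent_random_chars(dict_size: int, words: int,
                            alphabet_size: int = PRINTABLE_ASCII) -> int:
    """Shortest random-character password with at least the passphrase's keyspace."""
    target = dict_size ** words
    n = 1
    while alphabet_size ** n < target:  # integer math, no rounding error
        n += 1
    return n

def words_needed(dict_size: int, hashes_per_second: float, target_seconds: float) -> int:
    """Fewest random words whose full keyspace outlasts `target_seconds`."""
    n = 1
    while exhaust_seconds(dict_size, n, hashes_per_second) < target_seconds:
        n += 1
    return n

def humanize(seconds: float) -> str:
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_536_000), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    DICT_SIZE, YEAR = 40_000, 31_536_000
    print(f"bike lock: {entropy_bits(10, 3):.1f} bits; "
          f"3 words: {entropy_bits(DICT_SIZE, 3):.1f} bits, about "
          f"{equivalent_random_chars(DICT_SIZE, 3)} random printable characters")
    # Rates quoted in the thread: slow hash, "more realistic", fastest case.
    for rate in (10, 1e11, 1e13):
        print(f"{rate:>8.0e} H/s: 3 words {humanize(exhaust_seconds(DICT_SIZE, 3, rate))}, "
              f"4 words {humanize(exhaust_seconds(DICT_SIZE, 4, rate))}, "
              f"words for 1 year: {words_needed(DICT_SIZE, rate, YEAR)}")
```

The spread between the slowest and fastest rows is the effect of the password hashing scheme on the server, which the passphrase's owner does not control.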