undefined | Better HN

0 pointscnity2y ago0 comments

Passwords tend not to be brute forced one character at a time, but by combinations of common password lists and rainbow tables. The base unit is not character in these cases but entries in the tables.

Therefore, a password like "EstablishedCousins" is significantly less secure than "bR^4outc0m3" despite containing more characters.

Edit: I actually mean dictionary attack, not rainbow tables, but my point still stands.

Edit 2: In fact, the password from the example ("11111111") appears in the 71st line of this password dictionary: https://raw.githubusercontent.com/duyet/bruteforce-database/...

0 comments

yreg2y ago

> Therefore, a password like "EstablishedCousins" is significantly less secure than "bR^4outc0m3" despite containing more characters.

And "awn-handsome-dolce-esophagi-radix-lawgiver" is more secure than "Hunter2"…

My point is that their methodology doesn't cover what do they mean by strong passwords. A sufficiently long (and sufficiently random - but how do you check for that?) pass phrase is strong in my view.

j / k navigate · click thread line to collapse