If a password is just a 20-digit long number...

If a password is just a 20-digit long number, how is that any less strong than a 20-character long combination of letters, numbers, and symbols?

Assuming the passwords are salted, a brute force attack would still require iterating through an impossibly high number of possibilities, no?


20 digits => 10^20 combos
20 characters => 95^20 combos

>If I have a very secure password, and a very very secure password, aren't they both pretty secure?
What is the point of this thread

>Amount of numbers: 10 (including 0)
>Number of letters, numbers, and symbols: 26 letters, 10 numbers, I don't know how many symbols but more than 10

How many people do you think would win the lotto if you only had 25 numbers and had to pick 6 of them? Now how many do you think would win if they had to pick 6 from 10,000 numbers?

A brute force attack wouldn't know in advance what the password is, so wouldn't it be brute-forcing through letters+characters+symbols anyway? It'll still go through way, way, way more than 10^20 permutations, taking decades or centuries before it finds the actual 20-digit number password.

Here's a better question: once you get to an arbitrary length, does it matter? Someone that is trying to crack your password wouldn't know beforehand that it's all numbers so they would still be trying to crack with all symbols and letters.

When you evaluate the safety provided by a password generation scheme, it's standard practice to assume that an attacker knows what the scheme is, just not the exact password produced.

That's unrealistic, in what real scenario would the attacker know the scheme?

Maybe if you recently posted it on Any Forums

here is your secure password: ඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞඞ

>A brute force attack wouldn't know in advance what the password is, so wouldn't it be brute-forcing through letters+characters+symbols anyway?
They could check the numbers first since they are much less space and then do the alphanumericals next.

The effort it takes to go through all numbers is 0.0000000000000000028% of the effort it takes to go through the alphanumericals.

>512 letter password with different languages and random symbols
>check the "remember me" box
>no one can ever crack my password
what now hackers

AMOGUS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


You reuse this password on all the websites.
One gets hacked and it is found that it literally stores passwords in plaintext.
You get hacked.

Many such cases.

Best practice, use password managers or go for longer alpha-numericals vs symbols. They are easier to remember and increase chance of uniqueness (not reusing). Also 16 letter long alpha-num is as strong as 12 letter with symbols (unless you use symbols not readily available on your keyboard which is highly unpractical).

>reusing the password
>implying every password isn't different 512 random inputs of pure gibberish

I always use the same random password for most sites
Important ones are picked out of a book
>index card with website and a page number next to it
>in the page number there is a word underlined
>password for that site is page number plus password
>paypal 55 becomes “55ideology,”

Brute force attacks aren't purely brute force and exhaust dictionary words and pure numbers before moving onto permutations then strong password conditions.

>Someone that is trying to crack your password wouldn't know beforehand that it's all numbers

No, but if using all numbers is a common thing people do crackers will try it.
Especially if you always use only numbers and one of your (all numbers) passwords got compromised one day, your username combined with all numbers could become a thing they'll try.

Are there any symbols that are not used in many brute force methods? Some unicode symbol maybe? Space?

>55ideology,
Single dictionary word surrounded by 3 random characters.
That's a piss poor password.

>piss poor password
Compared to what?

If you think a human is guessing your password, you’re a dumbfuck. Any obfuscating you do irl is worthless

A true "brute force" would try all possible characters in all possible combinations.
That's the very definition of "brute force".

Smarter crackers will avoid uncommon characters, either completely or just giving them a lower probability.
But once people start using, say, spaces or Chinese characters then crackers will adjust their scripts accordingly.

Nobody is looking for YOUR password, they're looking for ANY passwords. They'll take a DB dump and crack as many passwords as they can using common dictionaries and generators that will hit the low-hanging fruit. All-digit passwords are most certainly among the things that they will try, though whether or not they'll go to a length of 20 is anyone's guess. The point is that they'll try cracking passwords with reduced keyspaces first. You want to try and have a password whose keyspace is beyond the point at which crackers will be happy with what they have and give up on the rest.

A short, completely random password like "4nK9d"
My password is only half the length of yours but much harder to crack.

Assuming identical entropy it doesn't matter if you use a larger character set or more characters.

I prefer a reduced character set that doesn't contain hard to distinguish characters like "l" and "I", or "O" and "0".
Which makes them MUCH easier to type over from a password manager so I can use longer passwords before it becomes annoying.
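
Added example, not part of any post in the thread: the keyspace arithmetic the thread argues about (10^20 vs 95^20, and "identical entropy" across character sets), plus a generator that picks the length a reduced character set needs to hit a target. The function names and the exact 58-symbol unambiguous set are assumptions made for this illustration.

```python
import math
import secrets
import string

# Character sets from the thread. UNAMBIGUOUS is an assumed reduction:
# letters and digits minus the look-alikes l, I, O and 0.
ALNUM = string.ascii_letters + string.digits            # 62 symbols
PRINTABLE = ALNUM + string.punctuation + " "            # 95 symbols
UNAMBIGUOUS = "".join(c for c in ALNUM if c not in "lIO0")  # 58 symbols


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(charset size)."""
    return length * math.log2(charset_size)


def length_for_bits(charset_size: int, target_bits: float) -> int:
    """Smallest length whose keyspace reaches target_bits."""
    return math.ceil(target_bits / math.log2(charset_size))


def keyspace_fraction(small, large) -> float:
    """Share of the large keyspace covered by exhausting the small one.
    Each argument is a (charset_size, length) pair."""
    return small[0] ** small[1] / large[0] ** large[1]


def generate(charset: str, target_bits: float) -> str:
    """Random password from charset, long enough for target_bits (CSPRNG)."""
    symbols = sorted(set(charset))  # de-duplicate so every symbol is equally likely
    n = length_for_bits(len(symbols), target_bits)
    return "".join(secrets.choice(symbols) for _ in range(n))


if __name__ == "__main__":
    target = entropy_bits(len(PRINTABLE), 20)
    print(f"20 digits:           {entropy_bits(10, 20):6.1f} bits")
    print(f"20 printable ASCII:  {target:6.1f} bits")
    print(f"digits-only share of that keyspace: "
          f"{keyspace_fraction((10, 20), (95, 20)):.2e}")
    for name, cs in [("digits", string.digits), ("alnum", ALNUM),
                     ("unambiguous", UNAMBIGUOUS)]:
        print(f"{name:12s} needs {length_for_bits(len(cs), target)} chars "
              f"to match 20 printable-ASCII chars")
    print("sample 128-bit password:", generate(UNAMBIGUOUS, 128))
```

These bit counts hold only for passwords drawn uniformly at random from the set; a human-chosen string built from a dictionary word has far less entropy than its length suggests.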