Today I Learned
What did you learn today? Share it with us!
We learn something new every day. This is a community dedicated to informing each other and helping to spread knowledge.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must begin with TIL. Linking to a source of info is optional, but highly recommended as it helps to spark discussion.
** Posts must be about an actual fact that you have learned, but it doesn't matter if you learned it today. See Rule 6 for all exceptions.**
Rule 2- Your post subject cannot be illegal or NSFW material.
Your post subject cannot be illegal or NSFW material. You will be warned first, banned second.
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding non-TIL posts.
Provided it is about the community itself, you may post non-TIL posts using the [META] tag on your post title.
Rule 7- You can't harass or disturb other members.
If you vocally harass or discriminate against any individual member, you will be removed.
Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.
For further explanation, clarification and feedback about this rule, you may follow this link.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- Majority of bots aren't allowed to participate here.
Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.
Partnered Communities
You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.
Community Moderation
For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.
view the rest of the comments
I just made a simple excel sheet. Downloaded a large dictionary that I cleaned up so the min word size is 4 I think. Then build some random rollers and built a 3 or 4 word password with some numbers and special characters between words. Generally the passwords are 20+ characters long.
From most of what I’ve read, password length makes the most difference in their strength.
So, the difference with no numbers and special characters is 52^20 (2x10^34) versus 95^20 (3.6x10^39). There are three reasons this runs into issues.
Pure math indicates that a 20 digit alpha only password with caps sprinkled in is slightly stronger than 12-13 digits of alphanumeric plus caps and specials.
Out of the various people within various organizations I have supported, people have disclosed their passwords to me a breathtaking number of times. It is quite common for people to create a password with only lower characters. That would be 4x10^27, about the same as 14 characters using the full qwerty set.
Either way, we are discussing a password cracking tool running locally attempting to hash your password. You do have a point that 12 thousand years is a very long time to arbitrarily guess a password. Unless something changes where someone can easily access ten thousand cores at a reasonable utility, you are pretty much safe from anyone except state level threats. That would be full time use of that many cores for 37 days at 10k cores, or 9 hours access to a million cores. We just aren't there yet. No clue if this would work better with GPU time, but that would still be a serious system.
Now, I am stepping into old lessons from 2011, and I can't find a great source to back myself up. If I'm wrong, then I have been operating off this misinformation for 15 years and I'd gladly appreciate better information.
The final issue is that since passwords are hashed in chunks, parts of the password could become visible while the rest is being worked on. This could lead to the attacker guessing the rest of the password.