• parpol@programming.dev
    11 months ago

    As long as you generate the PW with numbers and special characters included, a 14 character password will take over a hundred years to crack.

    50 is so unnecessarily large, it closes in on the age of the universe amount of time needed to brute force.

    • jarfil@beehaw.org
      11 months ago

      For symmetric keys, since they cannot be weakened using quantum computing, their strength can be assessed by their bit-equivalent amount of entropy:

      • 40 bit or less - easily breakable
      • 64 bit - not so easy, but doable
      • 128 bit or more - basically unbreakable

      Those are equivalent to, respectively:

      • 0-9 - 12, 19, 38 characters
      • a-z - 9, 14, 28 characters
      • a-z0-9 - 8, 12, 25 characters
      • A-Za-z0-9 - 7, 11, 22 characters
      • A-Za-z0-9+special - 7, 10, 21 characters

      Moral of the story: drop the special characters, and even the numbers… and even the uppercase. A 30+ character long all-lowercase pass phrase is already unbreakable.

      Check @[email protected]:

      finance-caffeine-utopia-redress-unseen

      …is already over 128 bits.

      PS: Correct horse battery staple
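
An added example, not part of either comment: the bits-to-length conversion behind the table above, computed as length = ceil(bits / log2(pool size)) and rounded up so each target is actually met. The 32-character special set (Python's `string.punctuation`) and the 7776-word list size are assumptions, and the figures hold only for symbols or words chosen uniformly at random.

```python
import math
import secrets
import string

# Alphabets named in the comment's table. The "special" set is an assumption:
# Python's string.punctuation (32 symbols), giving a 94-symbol pool.
ALPHABETS = {
    "0-9": string.digits,
    "a-z": string.ascii_lowercase,
    "a-z0-9": string.ascii_lowercase + string.digits,
    "A-Za-z0-9": string.ascii_letters + string.digits,
    "A-Za-z0-9+special": string.ascii_letters + string.digits + string.punctuation,
}

def bits_per_symbol(pool_size):
    """Entropy contributed by one symbol drawn uniformly at random."""
    return math.log2(pool_size)

def min_length(target_bits, pool_size):
    """Smallest number of uniform random symbols that reaches target_bits."""
    return math.ceil(target_bits / bits_per_symbol(pool_size))

def length_table(targets=(40, 64, 128)):
    """Minimum length per alphabet for each entropy target."""
    return {name: [min_length(t, len(chars)) for t in targets]
            for name, chars in ALPHABETS.items()}

def generate(chars, target_bits):
    """Generate a secret of at least target_bits using the OS CSPRNG."""
    n = min_length(target_bits, len(chars))
    return "".join(secrets.choice(chars) for _ in range(n))

def passphrase_bits(word_count, wordlist_size):
    """Entropy when whole words are drawn uniformly from a list: the word is
    the symbol, so the number of characters does not enter the calculation."""
    return word_count * bits_per_symbol(wordlist_size)

if __name__ == "__main__":
    for name, row in length_table().items():
        print(f"{name:20} {row}")
    print(generate(ALPHABETS["a-z"], 128))
    # 7776 is a hypothetical wordlist size (a five-dice list), not from the thread.
    print(round(passphrase_bits(5, 7776), 1))
```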