Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?
this post was submitted on 18 Aug 2024
833 points (98.8% liked)
Cybersecurity - Memes
1963 readers
1 users here now
Only the hottest memes in Cybersecurity
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The longer it is, the harder for anyone to guess, write down, remember, or brute force. For that long a password, someone can actually see my password and then have effectively zero chance of being able to use it.
But maybe it’s more a ”why not?” In one side it’s generated so you can use it equally well, and in the other side it should be hashed to a standard length so they should be able to manage it equally well.
When I did the math with a reasonable list of alphanums and symbols on a US standard keyboard, a 40 char randomly generated password had equivalent security to a 256 but block cipher key. Describing the difficulty in brute forcing that starts with the phrase "assume you can convert all the energy from a supernova at 100% efficiency into a thermodynamiclly perfect computer". A roundabout way of saying impossible.
40 chars random is already overkill.