by pwg 1521 days ago
> why does compressibility matter in terms of password security?

It does not. The amount to which it can be compressed is a proxy for internal redundancy. And a 'password' with a lot of internal redundancy is easier to generate and test against the real password.

I.e., code to generate all possible passwords of 25 characters or fewer consisting of only a single repeating letter would be trivial to write, and it would not need to generate that many candidates compared to the full possible password character space. Which means password cracking tools would already try all these possibilities to score "quick wins".
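An added example, not part of the comment above: a password-policy check that uses DEFLATE output size as the redundancy proxy the comment describes, plus the candidate counts behind the single-repeating-letter argument. The function names, the 0.6 threshold, the 26-letter alphabet and the sample passwords are assumptions constructed for illustration.

```python
import zlib


def deflate_len(password: str) -> int:
    """Size in bytes of the raw DEFLATE stream (no zlib header or checksum)."""
    comp = zlib.compressobj(level=9, wbits=-15)
    return len(comp.compress(password.encode("utf-8")) + comp.flush())


def redundancy_ratio(password: str) -> float:
    """Compressed size / original size. Lower means more internal redundancy."""
    raw = password.encode("utf-8")
    return deflate_len(password) / len(raw) if raw else 1.0


def too_redundant(password: str, threshold: float = 0.6) -> bool:
    """Policy check for a signup form; the threshold is an assumed value."""
    return redundancy_ratio(password) < threshold


def single_letter_candidates(alphabet_size: int, max_len: int) -> int:
    """Count of passwords made of one repeated symbol, lengths 1..max_len."""
    return alphabet_size * max_len


def full_space(alphabet_size: int, max_len: int) -> int:
    """Count of all passwords over the alphabet, lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    # Constructed sample passwords, all 25 characters long.
    for pw in ("a" * 25, "abcabcabcabcabcabcabcabca", "q7#Lm2xV9p!Zr4Tf8wKb3Hc6N"):
        print(f"{pw!r}: ratio={redundancy_ratio(pw):.2f} reject={too_redundant(pw)}")
    # The repeated-letter family is tiny next to the full space.
    print(single_letter_candidates(26, 25), "vs", full_space(26, 25))
```

Very short strings cannot compress below the DEFLATE stream overhead, so this ratio only says something useful alongside a minimum-length rule.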