by cnity
1100 days ago
Passwords tend not to be brute forced one character at a time, but by combinations of common password lists and rainbow tables. The base unit is not characters in these cases but entries in the tables. Therefore, a password like "EstablishedCousins" is significantly less secure than "bR^4outc0m3" despite containing more characters. Edit: I actually mean dictionary attack, not rainbow tables, but my point still stands. Edit 2: In fact, the password from the example ("11111111") appears in the 71st line of this password dictionary: https://raw.githubusercontent.com/duyet/bruteforce-database/...

And "awn-handsome-dolce-esophagi-radix-lawgiver" is more secure than "Hunter2"…
My point is that their methodology doesn't cover what they mean by strong passwords. A sufficiently long (and sufficiently random - but how do you check for that?) pass phrase is strong in my view.
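
The point made in both comments above, that guessing cost depends on the attacker's unit of search (list entries or words rather than characters), shown as an added example that is not part of either post. The lists are constructed samples, the 7776-word list size is an assumption, and the function names are hypothetical.

```python
import math
import re
import string

# Constructed sample data, not taken from the dictionary linked above.
COMMON = ["123456", "password", "11111111", "hunter2"]  # most popular first
WORDS = {"established", "cousins", "awn", "handsome", "dolce",
         "esophagi", "radix", "lawgiver"}
WORDLIST_SIZE = 7776  # assumption: attacker's word list is Diceware-sized


def split_words(password):
    """Return the dictionary words a password is built from, or None."""
    words = []
    for part in re.split(r"[-_ .]", password):
        tokens = re.findall(r"[A-Z][a-z]+|[a-z]+", part)
        if "".join(tokens) != part:
            return None  # leftover characters: not a pure word sequence
        words.extend(t.lower() for t in tokens)
    return words if words and all(w in WORDS for w in words) else None


def charset_size(password):
    """Size of the alphabet a character-by-character search must cover."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    size = sum(len(c) for c in classes if any(ch in c for ch in password))
    return size or 256  # other characters only: treat as raw bytes


def estimate_bits(password):
    """Return (model, bits) for the first matching model, cheapest tried first."""
    lowered = password.lower()
    if lowered in COMMON:  # found after `rank` guesses from the list
        return "common-list", math.log2(COMMON.index(lowered) + 1)
    words = split_words(password)
    if words:  # assumes each word was picked uniformly at random
        return "word-list", len(words) * math.log2(WORDLIST_SIZE)
    # Upper bound: ignores mangling rules such as letter-to-digit swaps.
    return "characters", len(password) * math.log2(charset_size(password))


if __name__ == "__main__":
    for pw in ["11111111", "Hunter2", "EstablishedCousins", "bR^4outc0m3",
               "awn-handsome-dolce-esophagi-radix-lawgiver"]:
        model, bits = estimate_bits(pw)
        print(f"{pw:45} {model:12} {bits:6.1f} bits")
```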