by lowe 5177 days ago
$^$^$^_ and $^$^$^z are both recognized by zxcvbn as bruteforce regions. it reports the entropy as:

n log (c)

for a length-n password with symbol space c. the huge difference in crack time is because zxcvbn is using c==33 (symbols only) for $^$^$^_ and c==59 (symbols + a-z) for $^$^$^z

$^$^$^i is in the middle -- 'i' is considered a dictionary match, the rest is c==59 bruteforce.

the bigger problem is $^$^$^ isn't recognized as a pattern, but i'm working on ways to improve bruteforce estimation too. good example!
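
The estimate described in the comment above, as an added example that is not part of lowe's comment and is not zxcvbn's own code. The class sizes for symbols (33) and a-z (26) come from the comment; the sizes for A-Z and 0-9, the base-2 logarithm, and all function names are assumptions.

```javascript
// Added illustration; not zxcvbn's source. Class sizes for symbols (33) and
// a-z (26) come from the comment; A-Z (26) and 0-9 (10) are assumed.
const CLASS_SIZES = { lower: 26, upper: 26, digit: 10, symbol: 33 };

function classOf(ch) {
  if (ch >= 'a' && ch <= 'z') return 'lower';
  if (ch >= 'A' && ch <= 'Z') return 'upper';
  if (ch >= '0' && ch <= '9') return 'digit';
  return 'symbol';
}

// Symbol space c: sum of the sizes of every class that appears at least once.
function bruteforceCardinality(password) {
  const seen = new Set([...password].map(classOf));
  let c = 0;
  for (const cls of seen) c += CLASS_SIZES[cls];
  return c;
}

// Entropy in bits for a length-n bruteforce region: n * log2(c).
function bruteforceEntropy(password) {
  const n = [...password].length;
  if (n === 0) return 0; // avoid 0 * log2(0) = NaN for an empty string
  return n * Math.log2(bruteforceCardinality(password));
}

// How many times larger b's guess space is than a's.
function guessSpaceRatio(a, b) {
  return Math.pow(2, bruteforceEntropy(b) - bruteforceEntropy(a));
}

// The two passwords from the comment.
for (const pw of ['$^$^$^_', '$^$^$^z']) {
  console.log(pw, 'c =', bruteforceCardinality(pw),
              'bits =', bruteforceEntropy(pw).toFixed(2));
}
console.log('ratio =', guessSpaceRatio('$^$^$^_', '$^$^$^z').toFixed(1));
```

Because c is computed for the whole string, the single trailing letter raises the per-character space for all seven positions, which makes the estimated guess space roughly 58 times larger.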