by Dylan16807 669 days ago
> Using 4 or more dictionary words provides excellent password security

I would not call 44-48 bits "excellent". It works if there's a good password hash being used, but if someone left PBKDF on basic settings then a GPU might be able to do 50 million guesses per second, or for a plain old salted hash 50 billion guesses per second.

1 comment

How does that math work?
The bits, I'm assuming a list of about 2k-4k words. The XKCD example is 2k, so 11 bits per word.

The guesses per second, I looked up some hashcat benchmarks to get a rough range.
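The arithmetic discussed in this thread, worked through as an added example that is not part of the original comments: it computes the entropy of 4 words from a 2k or 4k list, the time to exhaust that keyspace at the two guess rates quoted above, and how many words would be needed to hold out for a chosen period. It assumes each word is picked uniformly at random; the 10-year target and all function names are assumptions made for illustration.

```python
import math

DAY = 86_400
YEAR = 365 * DAY

def passphrase_bits(words, wordlist_size):
    """Entropy in bits when each word is drawn uniformly at random."""
    return words * math.log2(wordlist_size)

def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate; the average hit comes at half of this."""
    return 2 ** bits / guesses_per_second

def min_words(wordlist_size, guesses_per_second, target_seconds):
    """Smallest word count whose average crack time reaches target_seconds."""
    needed_bits = math.log2(2 * target_seconds * guesses_per_second)
    return math.ceil(needed_bits / math.log2(wordlist_size))

# Guess rates quoted in the thread (rough figures from hashcat benchmarks).
RATES = {"PBKDF, basic settings": 50e6, "plain salted hash": 50e9}

def report(words=4, sizes=(2048, 4096), target=10 * YEAR):
    """One row per (list size, guess rate); target is an assumed goal."""
    rows = []
    for size in sizes:
        bits = passphrase_bits(words, size)
        for label, rate in RATES.items():
            rows.append((size, bits, label,
                         seconds_to_exhaust(bits, rate) / DAY,
                         min_words(size, rate, target)))
    return rows

if __name__ == "__main__":
    for size, bits, label, days, need in report():
        print(f"{size}-word list, 4 words = {bits:.0f} bits | {label}: "
              f"{days:,.2f} days to exhaust | {need} words for a 10-year average")
```

At 44 bits the full keyspace falls in about 4 days at 50 million guesses per second and in about 6 minutes at 50 billion, which is the gap between a slow password hash and a plain salted hash that the comment describes.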