Originally Posted by
Hachiman
20 randomly selected characters has a very high degree of entropy. Even with rainbow tables, that's going to take some significant cracking even for a bot. According to the site
www.howsecureismypassword.net, that password would "... take a desktop PC about 560 sextillion years to crack ..."
Definitely, I agree that using a random string of characters is THE best way to make a password with the current conventions of how to construct a password. The point being made by that comic is not that there aren't better methods of password construction, but that the current convention is less effective than other ideas of password construction. Random letters, numbers, and symbols are going to be the least likely to be cracked, but they are EXTREMELY difficult for a human to remember. Most people won't use this type of password, simply because it is so hard to remember.
Second, the system when calculating the amount of time for a crack assumes a mid-range CPU/GPU making 250 million attempts per second (per the creator's facebook account). A dedicated hacker isn't going to be running a mid-range desktop, but a top end system, possibly even an overclocked small server system. This would greatly decrease the time to crack a password.
So, for the TL; DR While I agree the purely random string password is the BEST password, it is an impractical solution for the average user as memorizing a random string is extremely difficult (causing the user to do one of the big no-nos - writing it down, or saving it on their computer somewhere.)
BTW, thanks for that link, that's helpful!
Last edited by Deirachel; 25th June 12 at 03:54 PM.
Reason: used an antonym
Death before Dishonor -- Nothing before Coffee
Nihil curo de ista tua stulta superstitione
Bookmarks