• ferret@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Dictionary attacks aren’t some magic bullet. There are a lot of english words and just four of them IS comparable in cracking difficult to a standard 8-char password that is as random as you can make it. There are a lot more words than there are symbols. Four words is obviously not as good as 46 totally random chars

    • scinde@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Dictionary attacks are definitely not a magic bullet, they require a lot of processing power, just like any other brute-force attack, but not more because of their longer length, as has been implied.

      True, there are a lot of english words, but the amount of common words is relatively small. Most people aren’t going to choose a password like “MachicolationRemonstranceCircumambulationSchadenfreude”, even if it were generated for them (which is unlikely).

      Sure, it is comparable to a standard 8 characters passward, but even that kind of password is verging on the insecure (it is the absolute minimum, which should be avoided when possible).

      There are also a lot of symbols when you count emojies and the entire Unicode standard.