Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

  • frezik
    link
    fedilink
    arrow-up
    1
    ·
    3 months ago

    When I did the math with a reasonable list of alphanums and symbols on a US standard keyboard, a 40 char randomly generated password had equivalent security to a 256 but block cipher key. Describing the difficulty in brute forcing that starts with the phrase “assume you can convert all the energy from a supernova at 100% efficiency into a thermodynamiclly perfect computer”. A roundabout way of saying impossible.

    40 chars random is already overkill.