• @[email protected]
    link
    fedilink
    English
    -1
    edit-2
    10 months ago

    That really depends on the password complexity. Sure, you can crack a password of 6-8 characters in below 30 minutes, but anything more complex than that will take days and longer.

    My default password is 22 characters long and includes a unique identifier for each service plus a checksum. Say as an example (similar enough to my actual use case) for Adobe I’ll have “Ae” (first and last letter of the service) and “41” in a specific position (A = 41 in Hex).

    That way even if I repeat the other 18 characters (including symbols, upper and lower case characters) it will take years or even decades on a consumer grade system to crack my password, and the hash is unique for each service/website, so there won’t be any collateral damage either, even if some service I used got breached and my password somehow fully exposed.

    • @ReginaPhalange
      link
      English
      2610 months ago

      Why do people humble brag about their password strength, but then tell the whole world how to construct rainbow tables designed to crack their passwords?

      • @InnerScientist
        link
        English
        610 months ago

        Iirc rainbow tables are currently useless due to good seasoning salt.

        Though password crackers can take a known pattern to drastically increase speed it would still have to do the whole calculation for every password.

      • @[email protected]
        link
        fedilink
        English
        110 months ago

        Like I mentioned, I’m using a related pattern, nothing as simple as the one I sketched out here.

        • LostXOR
          link
          fedilink
          110 months ago

          As long as the other 18 characters are randomly generated that seems secure enough, and a decent way to keep track of which passwords are associated with which accounts.

          • @LordKitsuna
            link
            English
            910 months ago

            Feels like just a roundabout an exceptionally more difficult way to achieve a strong password versus just a password manager. Where you can do ridiculous things like have a 100 character long password

            Only to discover that the website will accept 100 characters in the box but actually truncate it to like 40 without telling you

    • @[email protected]
      link
      fedilink
      English
      2010 months ago

      I think I’ll stick with a password manager and its randomly generated passwords instead of doing an algebra problem every time I want to check my email

    • RiQuY
      link
      fedilink
      English
      510 months ago

      I guess then “hunter2” users are in trouble.