10 chars, no special characters and that’s it

Just tell me that you want to have access to my videos and be done with it

  • borari
    link
    fedilink
    4
    edit-2
    2 years ago

    Yeah, that’s not optimal. My single-sourced, non-verified quick Google search tells me that brute forcing a 10-char password of lower case letters only would be instant, subbing out one char for an upper-case letter would increase to one month, and subbing out another char for a number raises that to 6 years. Simply allowing for a special char would take 50 years.

    That’s assuming the password is truly random. Use a dictionary with some rule sets, and make some assumptions like people will probably just append a number to the end of their password, and you’ll knock those times down drastically.

    There’s no excuse for not allowing your users to use safe passwords.

    • terribleplan
      link
      fedilink
      12 years ago

      Assuming they’re using some sort of password-based key derivation function it would be anything but “instant”, depending on the settings they feed to the KDF. For some reason I doubt they are doing so, but just saying that it is possible for it to not suck that bad.

  • @[email protected]
    link
    fedilink
    32 years ago

    But don’t worry guys it mUsT iNcLuDe NuMbErS. If you replace that e with a 3 its unbeatable.

    Why does this even have a character limit. Its an ENCRYPTION KEY. I default mine to 25char.