How long it takes to brute force crack your password. #infosec
@stevefoerster What would be nice would be to include the version with high entropy that humans have been demonstrated to actually be able to remember: diceware style passwords (multiple words, eg like https://xkcd.com/936/ except you want more like 6-7 words these days)
@cwebber @stevefoerster this chart suggests XKCD is right. Even a 3 word passphrase takes like 10 times as long to crack as a gibberish password of 9 or 10 characters.
I don't believe this is correct.
If enough people use 3-4 word phrases, brute force attackers will specifically adapt to this.
Assuming a lexicon of 20,000 words (average native speaker) you get 20,000 ^ 4 permutations or 1.6e+17
Assuming 68 alpha numeric characters (lower, upper, digits, 10 symbols) you only need 10 characters to surpass this (68^10 or 2.1e+18)
