Secret Microsoft policy limited Hotmail passwords to 16 characters

PrincessFrosty

Platinum Member
Feb 13, 2008
2,300
68
91
www.frostyhacks.blogspot.com
That's retarded...

They argue uniqueness matters most, and that's rubbish. First of all, that doesn't make any sense: how do you make a password that is more unique than any other? Maybe they mean random, or unpredictable?

But secondly, length is generally considered to be much safer than "uniqueness": a longer passphrase with a small character set is computationally harder to brute force than a shorter passphrase with a very large character set.

I have literally been playing with password brute forcing over the last few days, and you can break a password of 1-7 characters with a fast GPU, precalculated rainbow tables and just a few minutes of computation. That's using a wide character set of all upper and lower case alpha, numeric and special symbols, including space.

In comparison, just extending that to a 10-character password, even with just lower alpha, requires so much computational time that only supercomputers are going to break it within your lifetime. 10+ just isn't possible with the hardware we have right now, or for the foreseeable future.

There's a great XKCD comic on this:

http://xkcd.com/936/
 

JimKiler

Diamond Member
Oct 10, 2002
3,561
206
106
I wish my company would allow no special characters if we hit, say, 12 or more characters. I hate trying to guess what is and is not a special character between all the systems we use.
 

bononos

Diamond Member
Aug 21, 2011
3,928
186
106
......

In comparison, just extending that to a 10-character password, even with just lower alpha, requires so much computational time that only supercomputers are going to break it within your lifetime. 10+ just isn't possible with the hardware we have right now, or for the foreseeable future.

There's a great XKCD comic on this:

http://xkcd.com/936/

Maybe M$soft doesn't want people doing long passphrases like the horsebatterystaple thing.

Perhaps a few years ago, without GPGPUs in the mix, a minimum of 10 characters would've been reasonable; now 10 chars is a little short and quite possible to brute force even without supercomputers. I'd say 12+ would be the minimum.
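The keyspace comparison behind PrincessFrosty's and bononos's posts (short password over a large symbol set, versus a longer one over a-z only, versus an XKCD-style word passphrase), carried through as an added example that is not part of the thread. The 1e10 guesses/second figure is an assumed round number for a single GPU against a fast unsalted hash; it is there only to make the relative sizes concrete.

```python
# Added worked example (not from the thread): keyspace size and worst-case
# exhaustive-search time for the password policies compared in the posts above.
import math

LOWER = 26                      # a-z
FULL = 26 + 26 + 10 + 33        # A-Z, a-z, 0-9, printable ASCII symbols incl. space = 95
ASSUMED_RATE = 1e10             # assumption: guesses/second, one GPU, fast unsalted hash
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Count every password of length min_len..max_len over a charset."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def passphrase_space(list_size: int, words: int) -> int:
    """XKCD-style passphrase: `words` words chosen uniformly from a word list."""
    return list_size ** words


def entropy_bits(space: int) -> float:
    """Equivalent uniform-random bits for a keyspace of the given size."""
    return math.log2(space)


def seconds_to_exhaust(space: int, rate: float = ASSUMED_RATE) -> float:
    """Worst case: every candidate tried once at `rate` guesses per second."""
    return space / rate


def describe(label: str, space: int, rate: float = ASSUMED_RATE) -> str:
    years = seconds_to_exhaust(space, rate) / SECONDS_PER_YEAR
    return f"{label:30s} {entropy_bits(space):5.1f} bits  {years:14.6f} years"


def policy_report() -> dict:
    """The keyspaces the thread contrasts, keyed by a short policy name."""
    return {
        "1-7 chars, 95-symbol set": keyspace(FULL, 1, 7),
        "10 chars, lowercase only": keyspace(LOWER, 10, 10),
        "12 chars, lowercase only": keyspace(LOWER, 12, 12),
        "16 chars, 95-symbol set": keyspace(FULL, 16, 16),
        "4 words from 2048-word list": passphrase_space(2048, 4),
    }


if __name__ == "__main__":
    for label, space in policy_report().items():
        print(describe(label, space))
```

At the assumed rate the 1-7 character set and the 10-lowercase space both fall in hours, which is the point bononos makes about 10 characters no longer being enough.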
 

bononos

Diamond Member
Aug 21, 2011
3,928
186
106
Actually, now I think the limitation might be to push more users to the new outlook.com.