this post was submitted on 20 Jul 2024
1625 points (98.7% liked)

linuxmemes

20880 readers
2 users here now

I use Arch btw


Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] sus 1 points 3 months ago* (last edited 3 months ago)

if you know there are exactly two additional characters

this is pretty much irrelevant, as the amount of passwords with n+1 random characters is going to be exponentially higher than ones with n random characters. Any decent password cracker is going to try the 30x smaller set before doing the bigger set

and you know they are at the end of the string

that knowledge is worth like 2 bits at most, unless the characters are in the middle of a word which is probably even harder to remember

if you know there are exactly two additional characters and you know they are at the end of the string, the first number is really slightly bigger (like 11 times)

even if you assume the random characters are chosen from a large set, say 256 characters, you'd still get the 4-word one as over 50 times more. Far more likely is that it's a regular human following one of those "you must have x numbers and y special characters" rules which would reduce it to something like 1234567890!?<^>@$%&+-() which is going to be less than 30 characters

and even if they end up roughly equal in quessing difficulty, it is still far easier to remember the 4 random words