1 comment

[ 3.5 ms ] story [ 13.9 ms ] thread
I thought this updated blog post on password strength was interesting. I am disappointed they do not discuss the strength of using a diceware[0] based passphrase. Even limiting yourself to 4-letter words in your custom wordlist and using a 4 word passphrase, no capitalizations or space gives you 16 characters and against a ChatGPT-esque computer system it would still take them 2 years to compute all MD5 hashes. Using bcrypt, a PBKDF such as Argon2id or even SHA-1 would add thousands of years to the compute time. Using 6 or 8 word passphrases and a custom wordlist with 4, 5, and 6 letter words, 6 dice wordlists instead of the traditional 5 and you have a pretty solid password even against the most powerful computers today and in the near future.

[0]: https://theworld.com/~reinhold/diceware.html