To be clear, the personal info I revealed is that my password is more than 20 characters long. I just don't see how telling the world that my password is more than 20 characters long compromises me that much. You've still got to test a huge set of keyboard characters, including capitalization, for 20+ character passwords and for all anyone knows knows my password could be 40 characters long. Just for reference, if my password is exactly 21 characters long, and if it uses upper and lower case alphabet characters plus numbers and common symbols, then there are 408,162,404,503,791,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 possibilities.
No one is claiming that your 20 character password is easy to crack, for the time being. It has, however, been pointed out that since you revealed that it is 20 characters, it would be
easier to crack than if you had said nothing about its length, since the cracker will not have to spend time checking passwords <20 characters. If this seems trivial, remember that passwords nowadays are the key to valuable information about us and that Moore's Observation (Law) means that the cost of technology needed to crack passwords is getting cheaper quickly. The time will come when there will be a low degree of difficulty to crack a 20 character pw--it might come sooner than you think.
Show Posts
