• ClamDrinker@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    4 months ago

    And even with that base set, even if a computer could theoretically try all trillion possibilities quickly, it’ll make a ton of noise, get throttled, and likely lock the account out long before it has a chance to try even the tiniest fraction of them

    One small correction - this just isn’t how the vast majority of password cracking happens. You’ll most likely get throttled before you try 5 password and banned before you get to try 50. And it’s extremely traceable what you’re trying to do. Most cracking happens after a data breach, where the cracker has unrestricted local access to (hopefully) encrypted and salted password hashes.

    People just often re-use their password or even forget to change it after a breach. That’s where these leaked passwords get their value if you can decrypt them. So really, this is a non-factor. But the rest stands.

    • laurelraven@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      That’s fair

      It’s still a rather large pool to crack through even without adding more than the 1000 most common words, extra digits, minimal character substitution, capitalization tweaks, etc