Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Even then, as machines get faster and crackers get smarter, these behemoth passwords will fall.

This is fairly trivial to show is false. A 256-bit password that can be checked at one clock-cycle per iteration with 1 million cores running at 30GHz will take 1.2e53 years to crack[1]. If you generate it by base-64 encoding a random 256-bit string you will end up with only a 12 character password (hardly a "behemoth").

[edit] It's 1.2e53 years to exhaust the search space; you can expect to crack X% of the passwords in X% of the time (or have an X% chance of cracking a single password in X% of the time)

[1] https://www.google.com/search?q=2%5E256%2F(1e6*30e6%2Fs)#scl...



One note here - base-64 encoding a 256-bit string would result in a 44 character password (43 without padding).

It would be pretty cool if a 12 character password gave you 256 bits of entropy though :)


You're right; I did 256/8 in my head and got the obviously wrong result of 8 rather than 32.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: