Why is 3 random words as a password better than a load of random characters?


75 Answers

Anonymous

It’s not. This is an extremely widespread misconception and the xkcd on this is wrong.

Password cracking isn’t done by brute force. There are a ton of statistics involved that determine which patterns should be prioritized to hash and compare.

In a dictionary attack, 3 random words is a low entropy sequence. This is because while on a character-by-character basis, the entropy is high, in a dictionary attack, each word is a symbol, and 3 symbols is not a lot even though there are a lot of words in the dictionary.

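The symbol-counting argument in the answer above, worked as numbers in an added example that is not part of the original answer: it computes the entropy of a passphrase counted per letter and counted per word, and how many words are needed to match random-character passwords of several lengths. The wordlist size (7776, a Diceware-sized list), the 94-character alphabet, the sample passphrase and the function names are assumptions made for this example.

```python
import math
import secrets

PRINTABLE = 94        # assumption: printable ASCII without the space character
WORDLIST_SIZE = 7776  # assumption: a Diceware-sized list (6**5 words)

def bits(alphabet: int, length: int) -> float:
    """Entropy in bits of `length` symbols drawn uniformly from `alphabet`."""
    return length * math.log2(alphabet)

def per_letter_bits(passphrase: str) -> float:
    """Character-by-character view: every letter counted as one of 26."""
    return bits(26, len(passphrase.replace(" ", "")))

def per_word_bits(n_words: int, wordlist_size: int = WORDLIST_SIZE) -> float:
    """Dictionary view: each whole word is one symbol from the wordlist."""
    return bits(wordlist_size, n_words)

def words_needed(target_bits: float, wordlist_size: int = WORDLIST_SIZE) -> int:
    """Smallest word count whose per-word entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(wordlist: list[str], n_words: int) -> str:
    """Pick words with a CSPRNG; the per-word figure only holds for
    uniform, independent choices, not for words a person thinks up."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

if __name__ == "__main__":
    sample = "lamp river cactus"  # constructed sample passphrase
    print(f"per-letter estimate : {per_letter_bits(sample):5.1f} bits")
    print(f"per-word estimate   : {per_word_bits(3):5.1f} bits")
    for n in (8, 12, 16):
        target = bits(PRINTABLE, n)
        print(f"{n:2d} random characters: {target:5.1f} bits, "
              f"matched by {words_needed(target)} words")
    demo_list = ["lamp", "river", "cactus", "anvil", "meadow", "quartz"]  # constructed
    print(generate_passphrase(demo_list, 4))
```

The per-word figure is the one to use when sizing a passphrase policy, since it still holds when the wordlist and word count are known to whoever is guessing.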