I let my password manager create 32 char passwords, that should be enough for a while. But of course then you have websites that throw you a ‘your password is too long’ message and have you find out by trial and error that they only accept 12 characters.
Or the off-by-one errors where the insist that 24 chars are the max, but in reality they accept 23. Probably never tested the limit.
Or websites that truncate your password after X characters when registering, but not when logging in, so you end up with an incorrect password and good luck finding out which limit the registration page actually uses.
CanadaPlus@lemmy.sdf.org 3 months ago
That’s a big rainbow table. Like, way too big to exist assuming you mean random ascii characters (on the order of 10^42^ entries).
teletext@reddthat.com 3 months ago
frezik@midwest.social 3 months ago
State actors don’t generally need to break passwords. They ask the company “nicely” and they get what they want. The exception would be if that password is being used to encrypt data.
CanadaPlus@lemmy.sdf.org 3 months ago
10^31^ is ridiculously huge too. The NSA probably works on EB scales, which is “only” 10^18^ bytes. If you can get up to 10^22^ you’re fine against brute force-style attacks.