To be fair, that assumes complete exhaustion of the password space. If you assume that a given password is totally random, then it’d take half that time, 80 years, on average.
Thing is, most people don’t choose totally random passwords, and there are utilities that will try to generate statistically-more-common passwords sooner in that sequence.
I’m probably very out-of-date here, but as an example, one elderly utility, John the Ripper*, comes with “mangling rules” to append a “1” at the end of a given sequence fairly early, because that’s how a lot of people make their password pass a digits requirement.
I’d guess that today, someone probably has software that has rules to order its attempts that are trained off leaked password databases to be statistically optimal to defeat them, rather than merely manually crafted with human guesswork.
carl_dungeon@lemmy.world 1 month ago
Totally fair points! Password managers FTW, all my passwords are 25 character complete random.
tisktisk@piefed.social 1 month ago
I was told there is no such thing as complete random
AdrianTheFrog@lemmy.world 1 month ago
www.idquantique.com/…/quantis-qrng-pcie/
catloaf@lemm.ee 1 month ago
That depends on whether you believe in determinism.
Current CSPRNGs are good enough for our purposes.