Board: Project Development
Re: Advanced Password Security - WhatPassword
by Kakmakr on 07/05/2018, 07:25:47 UTC
seems overly complex.

I heard at a security conference that in pure combination brute forcing a password that mixtures of upper lower etc do little to actually delay a break.

computers don't care what's in a password and the one factor that slows them down is length.

apparently the best password is a long one. as humans we are wired to remember phrases, pictures etc better than complex patterns so the password

iwenttothebeachwithmydogandthrewitastick

is quite a good one. no spaces so computers don't know where a word starts and stops. good luck dictionarying that. something to consider for you. I'd find remembering your generated passwords complex. people will write them down in a book or notepad file on their pc which defeats the security of it.

note that was in relation to complexity.

your system has pass valid for 1 minute. it's overly complex for 1 minute. it could be simpler with brute force not possible in that time

What if the brute-force method uses a database of words which it looks for within the password? So it dissects the password by looking for words, even if there are no spaces in between. I like to replace letters with numbers, for example: P@$$w0rd43v3R {Password for ever}. So there are no recognisable words in that password that can be extracted.

It is still readable by humans, but computers will have a hard time figuring that out. (And NO, I am not using that password, it was just an example)
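Added example, not part of the original post: a rough strength check, of the kind a password meter might run, that scores both example passwords from the thread two ways, once against blind character brute force and once against a guesser that splits the string into dictionary words after undoing character substitutions. The wordlist, the substitution map (including `4` read as "for") and the assumed dictionary size are constructed for illustration.

```python
import math

# Constructed mini wordlist; a real checker would load a large dictionary.
WORDS = {"i", "went", "to", "the", "beach", "with", "my", "dog", "and",
         "threw", "it", "a", "stick", "password", "for", "ever"}
ASSUMED_DICT_SIZE = 20_000  # assumption: words in the guesser's dictionary
LEET = {"@": "a", "$": "s", "0": "o", "3": "e", "4": "for"}  # assumed map


def normalise(password):
    """Lower-case the password and undo the substitutions listed in LEET."""
    return "".join(LEET.get(ch, ch) for ch in password.lower())


def segment(text):
    """Split text into the fewest WORDS entries; None if it cannot be split."""
    best = [None] * (len(text) + 1)  # best[i] = fewest-word split of text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is None or text[start:end] not in WORDS:
                continue
            candidate = best[start] + [text[start:end]]
            if best[end] is None or len(candidate) < len(best[end]):
                best[end] = candidate
    return best[len(text)]


def brute_force_bits(password):
    """Search space in bits for a guesser that only knows the character classes."""
    classes = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10))
    size = sum(n for test, n in classes if any(test(c) for c in password))
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols, space included
    return len(password) * math.log2(size) if size else 0.0


def dictionary_bits(password):
    """Search space in bits for a word-combining guesser; None if no split."""
    words = segment(normalise(password))
    return None if words is None else len(words) * math.log2(ASSUMED_DICT_SIZE)


if __name__ == "__main__":
    for pw in ("iwenttothebeachwithmydogandthrewitastick", "P@$$w0rd43v3R"):
        print(pw, round(brute_force_bits(pw), 1), round(dictionary_bits(pw), 1))
```

The dictionary figure is an upper bound: the model ignores grammar and the small extra cost of trying capitalisation and substitutions, so what it mainly shows is that the number of words carries the strength once word boundaries are found.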