seems overly complex.
i heard at a security conference that in pure combination brute forcing a password that mixtures of upper lower etc do little to actually delay a break.
computers dont care whats in a password and the one factor that slows them down is length.
apparently the best password is a long one. as humans we are wired to remember phrases, pictures etc better than complex patterns so the password
iwenttothebeachwithmydogandthrewitastick
is quite a good one. no spaces so computers dont know where a word starts and stops. good luck dictionarying that. something to consider for you. id find remembering your generated passwords complex. people will write them down in a book or notepad file on their pc which defeats the security of it.
note that was in relation to complexity.
your system has pass valid for 1 minute. its overly complex for 1 minute. it could be simplier with brute force not possible in that time
i heard at a security conference that in pure combination brute forcing a password that mixtures of upper lower etc do little to actually delay a break.
computers dont care whats in a password and the one factor that slows them down is length.
apparently the best password is a long one. as humans we are wired to remember phrases, pictures etc better than complex patterns so the password
iwenttothebeachwithmydogandthrewitastick
is quite a good one. no spaces so computers dont know where a word starts and stops. good luck dictionarying that. something to consider for you. id find remembering your generated passwords complex. people will write them down in a book or notepad file on their pc which defeats the security of it.
note that was in relation to complexity.
your system has pass valid for 1 minute. its overly complex for 1 minute. it could be simplier with brute force not possible in that time
What if the Bruteforce method use a database of words which it looks for within the password. So it dissect the password, by looking for words, even if there are no spaces in between? I like to replace letters with numbers, for example : P@$$w0rd43v3R {Password for ever}-- So there is no recognisable words in that password that can be extracted.
It is still readable by humans, but computers will have a hard time figuring that out.
(And NO, I am not using that password, it was just an example)what you say makes no sense...
it doesnt know your password or length. a brute force tries every character as 1..... then does every combo of 2 letters. if it knew my password was x characters how would it know where words stop and start it wouldnt. letters replaced with numbers dont trick computer brute forces... it tricks humans guessing.
COMPUTERS DONT have a hard time with numbers instead of letters. computers dont have brains, souls, reasoning. they do what we tell them to do.
test and t3st is no different to a computer. it will crack them both brute forcing in roughly the same time.
I thought that in a dictionary-based brute-forcing it makes a big difference. And also I thought that the fist thing a cracker tries is going through all the possible real words because most people use them for passwords and thus using this method can save a lot of time. Was I wrong? Do they no longer use a dictionary-based brute-forcing?