Which password is harder to guess/brute-force:
- onlysmallletters!
- Ez65);k
And also, can you explain your answer?
Asked
Active
Viewed 55 times
0
schroeder
- 125,553
- 55
- 289
- 326
Laimonas Sutkus
- 101
- 1
-
Absolutely required here: https://xkcd.com/936/ . Beware more of a joke than a serious anwser hence only a comment. But it shows that the length is more important than the number of character classes when you try to actually compute entropy. – Serge Ballesta Jan 31 '22 at 08:37
-
Here's the problem with the basis of the question. They are now equally weak, because I can add both to me password list to try when brute forcing. – schroeder Jan 31 '22 at 08:40
-
@schroeder I would like a more mathematical explanation, where one could prove that one password is harder to brute-force than the other. – Laimonas Sutkus Jan 31 '22 at 08:45
-
Ah, that's a slightly different question and we have some answers on that. – schroeder Jan 31 '22 at 09:32
-
2The math involved is about entropy. We have several questions about that here, many of which reference the XKCD comic above. The practicalities involved include things like known passwords, reused passwords, etc. So, in short, there is no simple method to calculate. All "password strength calculators" involve quite a lot of assumptions. Which is why this was closed as opinion-based, because everyone has their own assumptions about that. However, my comment above about adding these specific strings to a password list cannot be dismissed. – schroeder Jan 31 '22 at 09:36