On 20 Mar 2024 15:45 +0100, from p...@debian.org (Pierre-Elliott Bécue): >> it should be like 32 symbols with special symbols? Or this paragraph >> in a handbook is rather paranoid? > > It's not paranoid.
For 82 symbols (mixed-case alphanumeric plus 20 special characters), 32 characters is equivalent to about 203 bits. (82^32 ~ 2^203 or, expressed differently, log_2(82^32) ~ 203.) At a rate of 2^50 guesses per second, that will take about 3.6*10^38 _years_ to go through. A widely agreed-upon figure for the age of the universe is around 1.4*10^10 years. Therefore such a password would take, very roughly, 10^28 times the age of the universe to brute force. Of course, with only 32 characters actually chosen, the character set size can in principle be reduced to 32, yielding 32^32 = 2^160 possibilities. At the same rate, that would take about 4.1*10^25 years; a measly 10^15 times the age of the universe. I sincerely doubt that guessability of such a password will be the weak link in overall system security. -- Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”
