They’re basically trying to find the time to create duplicate UUIDs. UUIDs are randomly generated and assumed to be so unique and actually random across… well, everything, that no one even checks if they’re actually unique. They suggested they found one in 5 hours. The only maybe possible way I could think of to do this legitimately is to use some ridiculously powerful computer and still get very lucky.
Ah! And this is why I don’t really care that much about long passwords or things of that nature. If the attack is brute force, it could still get lucky and guess it in 5 hours just like this UUID thing!
The chance to get lucky and pick a long, random password is still ridiculously small. The chance to pick admin123 is ridiculously large. You see the difference?
With this logic you could say the chance to hit the lottery jackpot is the same as if the numbers are just 3 digits long. It’s not trying all the possible combinations all at once.
If the password was forced to be a specific length and could not be shorter or longer, it would be the same as that. But they’re not usually forced to be a specific length. They do have bounds, but that also makes it so there are fewer possible combinations to guess.
They’re basically trying to find the time to create duplicate UUIDs. UUIDs are randomly generated and assumed to be so unique and actually random across… well, everything, that no one even checks if they’re actually unique. They suggested they found one in 5 hours. The only maybe possible way I could think of to do this legitimately is to use some ridiculously powerful computer and still get very lucky.
Ah! And this is why I don’t really care that much about long passwords or things of that nature. If the attack is brute force, it could still get lucky and guess it in 5 hours just like this UUID thing!
The chance to get lucky and pick a long, random password is still ridiculously small. The chance to pick admin123 is ridiculously large. You see the difference?
Length doesn’t matter if it’s randomly trying every possible combination. It could just as easily guess the longest possible password as the shortest.
Other methods of attack would be a good reason to make it long and nonsensical; not a random brute force attack.
With this logic you could say the chance to hit the lottery jackpot is the same as if the numbers are just 3 digits long. It’s not trying all the possible combinations all at once.
If the password was forced to be a specific length and could not be shorter or longer, it would be the same as that. But they’re not usually forced to be a specific length. They do have bounds, but that also makes it so there are fewer possible combinations to guess.