Ah! And this is why I don’t really care that much about long passwords or things of that nature. If the attack is brute force, it could still get lucky and guess it in 5 hours just like this UUID thing!
The chance to get lucky and pick a long, random password is still ridiculously small. The chance to pick admin123 is ridiculously large. You see the difference?
With this logic you could say the chance to hit the lottery jackpot is the same as if the numbers are just 3 digits long. It’s not trying all the possible combinations all at once.
If the password was forced to be a specific length and could not be shorter or longer, it would be the same as that. But they’re not usually forced to be a specific length. They do have bounds, but that also makes it so there are fewer possible combinations to guess.
Ah! And this is why I don’t really care that much about long passwords or things of that nature. If the attack is brute force, it could still get lucky and guess it in 5 hours just like this UUID thing!
The chance to get lucky and pick a long, random password is still ridiculously small. The chance to pick admin123 is ridiculously large. You see the difference?
Length doesn’t matter if it’s randomly trying every possible combination. It could just as easily guess the longest possible password as the shortest.
Other methods of attack would be a good reason to make it long and nonsensical; not a random brute force attack.
With this logic you could say the chance to hit the lottery jackpot is the same as if the numbers are just 3 digits long. It’s not trying all the possible combinations all at once.
If the password was forced to be a specific length and could not be shorter or longer, it would be the same as that. But they’re not usually forced to be a specific length. They do have bounds, but that also makes it so there are fewer possible combinations to guess.