Yeah, I don't trust any password manager that either
A) Is closed source, so I can't audit what they do with my data
B) Is open source, which makes it easier for hackers to crack
I guess I can share what I do:
I got a bunch of documents lying around, nothing out of the ordinary. One of those documents is a missing page of a scientific paper, and also my password map. The only thing I need to remember is where the password for the login that I need starts. So all my passwords are LONG, and they usually contain some symbols too.
Also, since the passwords are partial phrases, phrase and a half, etc. of natural language, they're pretty easy to remember even without consulting the password map.
But hard to brute force, let's say that you know I got full phrases, and you even know that I got 5 words per password.
That's still some 200000^5 = 3.2e+26
When compared to a password with 8 random symbols:
100^8 = 1e+16
(That's alphabet*2 + numbers + punctuation + then some)
Oh, a good brute force rate for passwords is 10 billion guesses per second. Unless you got some supercomputer at your disposal. (Let's face it, if you got a supercomputer, you're not too interested in my Constellation Taurus)
So 5 random words:
200000^5/10000000000/60/60/24 = 370370370370 days.
8 random symbols:
100^8/10000000000/60/60/24=11.6 days.
So as we can see, 5 random words is better than 8 random symbols, even when you downright tell the attacker you're using 5 words, enabling them to use a dictionary attack.
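The time-to-crack arithmetic above, as an added example that is not part of the original post: it generalizes the two calculations into one function so any scheme (dictionary size or character set, length, guess rate) can be compared on keyspace, entropy bits and days of exhaustive search. The 200000-word dictionary, 100-symbol alphabet and 10 billion guesses/s are the post's figures; the 7776-word row uses the size of a typical Diceware list as an additional assumed input.

```python
import math

GUESSES_PER_SECOND = 10_000_000_000   # the post's assumed attacker rate
SECONDS_PER_DAY = 60 * 60 * 24


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates when each of `length` positions is drawn uniformly from `alphabet_size` choices.

    This models the attacker already knowing the scheme (word count, dictionary, charset),
    i.e. the post's "even when you downright tell the attacker" case.
    """
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Equivalent entropy in bits: log2 of the keyspace."""
    return length * math.log2(alphabet_size)


def exhaustive_search_days(alphabet_size: int, length: int,
                           rate: int = GUESSES_PER_SECOND) -> float:
    """Days to try every candidate at `rate` guesses per second (worst case for the attacker)."""
    return keyspace(alphabet_size, length) / rate / SECONDS_PER_DAY


def compare(schemes: dict[str, tuple[int, int]]) -> dict[str, dict[str, float]]:
    """Tabulate keyspace, bits, worst-case days and expected (half-keyspace) days per scheme."""
    rows = {}
    for name, (alphabet_size, length) in schemes.items():
        days = exhaustive_search_days(alphabet_size, length)
        rows[name] = {
            "keyspace": keyspace(alphabet_size, length),
            "bits": entropy_bits(alphabet_size, length),
            "worst_case_days": days,
            "expected_days": days / 2,   # on average the hit lands halfway through
        }
    return rows


if __name__ == "__main__":
    # Constructed inputs: the post's two schemes plus a smaller, realistic word list.
    table = compare({
        "5 words, 200000-word dictionary": (200000, 5),
        "8 symbols, 100-char alphabet": (100, 8),
        "5 words, 7776-word Diceware list": (7776, 5),   # assumed list size
    })
    for name, row in table.items():
        print(f"{name:36s} {row['bits']:6.1f} bits  {row['worst_case_days']:>16.1f} days")
```

The Diceware row shows why the post's 200000-word figure matters: with a short, published word list the passphrase still beats 8 random symbols, but by far less, so the dictionary the attacker can assume is the real variable.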