I try to explain how attackers would guess your password, should they get their hands on your encrypted data. There are some thoughts on the strength of real-world passwords and suggestions for your new password.
TL;DR XKCD solved this problem a decade ago, and somehow most of the industry still hasn’t caught up.
Still a good read, BTW.
So we always assume passwords were unsalted? Or can they also brute force salts?
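The salt question above is worth answering with code. The following is an added example, not part of the thread or of the blog post being discussed: it stores the same weak password for two users, once unsalted and once with a per-user random salt, and shows what the salt does and does not buy. The wordlist, password and the deliberately low PBKDF2 iteration count are constructed for the demo; a real deployment uses a far higher count or a memory-hard KDF.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Deliberately tiny so the demo runs instantly (constructed value; real systems
# use hundreds of thousands of iterations or Argon2/scrypt).
ITERATIONS = 1_000

# Constructed stand-in for an attacker's dictionary.
WORDLIST: List[str] = ["123456", "password", "qwerty", "letmein", "Password1"]

Record = Tuple[bytes, bytes]  # (salt, digest) as stored in the user database


def derive(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def store(password: str, salted: bool = True) -> Record:
    """Build the stored record. Unsalted storage is modelled as an empty salt."""
    salt = os.urandom(16) if salted else b""
    return salt, derive(password, salt)


def verify(password: str, record: Record) -> bool:
    """Constant-time comparison of a candidate against the stored digest."""
    salt, digest = record
    return hmac.compare_digest(derive(password, salt), digest)


def build_table(wordlist: List[str], salt: bytes) -> Dict[bytes, str]:
    """Precompute digest -> word for one salt (a rainbow-table stand-in).
    This work is done once and then reused against every record with that salt."""
    return {derive(w, salt): w for w in wordlist}


def table_lookup(record: Record, table: Dict[bytes, str]) -> Optional[str]:
    """O(1) lookup; only succeeds if the table was built for this record's salt."""
    return table.get(record[1])


def guess_with_known_salt(record: Record, wordlist: List[str]) -> Tuple[Optional[str], int]:
    """The salt sits in the clear next to the digest, so the attacker never has
    to brute-force it: they just redo the KDF per candidate, per user."""
    for n, w in enumerate(wordlist, start=1):
        if verify(w, record):
            return w, n
    return None, len(wordlist)


def demo() -> dict:
    # Two users who happen to choose the same weak password.
    u1 = store("Password1", salted=False)
    u2 = store("Password1", salted=False)
    table = build_table(WORDLIST, b"")  # built once, reused for all unsalted users

    s1 = store("Password1")
    s2 = store("Password1")
    guess, tries = guess_with_known_salt(s1, WORDLIST)

    return {
        # unsalted: identical passwords give identical digests, and one table cracks both
        "unsalted_digests_equal": u1[1] == u2[1],
        "unsalted_table_hits": (table_lookup(u1, table), table_lookup(u2, table)),
        # salted: digests differ and the precomputed table is useless ...
        "salted_digests_equal": s1[1] == s2[1],
        "salted_table_hits": (table_lookup(s1, table), table_lookup(s2, table)),
        # ... but per-user guessing with the stored salt still works, at full KDF cost each time
        "salted_guess": guess,
        "salted_tries": tries,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

So the answer is neither: the attacker does not need to brute-force the salt because it is stored alongside the hash, but the salt removes the shared precomputation, forcing a fresh run of the KDF for every candidate for every user. Whether that matters depends entirely on how expensive the KDF is and how guessable the password is.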
how about
openssl rand -hex 50 B)

This blog post makes some weird assumptions. One that especially stood out to me was that when writing a password, someone would only capitalize the first letter. What? It's probably more common, but it's definitely not the only letter someone would capitalize. There are a few other assumptions like that, and I'm not sure where they're coming from.