re: Keeping your GitHub code secure


On password strength - this is very bad advice! Modern password crackers rely on dictionaries, making passphrases actually less secure. Brute force techniques are far more sophisticated than what is explained in the meme. I recommend watching this video to get an idea:


Thanks Jonathan, I'll check it out. Intuitively, it seems like combining 4 or 5 words would mean even a dictionary attack would take an exponentially long time (x entries to the power of how many words you chose).

But then I suppose the quick scalability and immense power of systems like AWS and Azure, for example, can turn most complex tasks into trivial ones.


I forgot to mention, the video linked is pretty old and some of the advice for good password complexity is outdated, but it gives a decent idea of what a mildly sophisticated password attack would look like.

A passphrase would probably need to be 5 words or above (~50 000 common words ^ 5 = actual entropy, not as explained in the meme) to be more secure than a 12-character password (~71 character choices ^ 12 = entropy).
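The break-even comparison from the comment above, worked through as an added example that is not part of the original thread. It assumes every word or character is drawn uniformly at random, so the guess count is simply choices ^ length; the 7776-word case (the size of a Diceware list) is an extra data point not mentioned in the thread, and the function names are illustrative.

```python
import math


def keyspace(choices: int, length: int) -> int:
    """Number of equally likely secrets when each of `length` positions is
    picked uniformly at random from `choices` options (exact integer)."""
    return choices ** length


def entropy_bits(choices: int, length: int) -> float:
    """The same quantity expressed in bits: length * log2(choices)."""
    return length * math.log2(choices)


def min_words_to_beat(wordlist_size: int, charset_size: int, pw_length: int) -> int:
    """Smallest number of random words whose keyspace is strictly larger
    than that of a random password of `pw_length` characters."""
    target = keyspace(charset_size, pw_length)
    words = 1
    while keyspace(wordlist_size, words) <= target:
        words += 1
    return words


if __name__ == "__main__":
    # Figures from the thread: ~71 character choices, 12 characters.
    print(f"12-char password : {entropy_bits(71, 12):.1f} bits")
    # 50 000 is the thread's wordlist size; 7776 is an added comparison.
    for wordlist in (50_000, 7_776):
        n = min_words_to_beat(wordlist, 71, 12)
        print(f"{wordlist:>6}-word list: {n} words needed "
              f"({entropy_bits(wordlist, n):.1f} bits, "
              f"{n - 1} words gives only {entropy_bits(wordlist, n - 1):.1f})")
```

These numbers only hold for machine-chosen words; a phrase a person makes up is far more predictable than the uniform model counts.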

