You are viewing a single comment's thread from:
RE: What is a Safe Password or Private Key?
How come you don't recommend the usual 80 bits of security for a truly random password?
How come you don't recommend the usual 80 bits of security for a truly random password?
Because 80 bits is already not secure, and plus there is no way to know that a password has 80 bits of entropy, so it's always better to add more to it. I'd use 128 bits at least.
80 bits is still a pain in the a** to break, even for a State. I agree 128 is better, I wish Ethereum would have chosen that. Nice article .
https://security.stackexchange.com/questions/69374/is-an-80-bit-password-good-enough-for-all-practical-purposes
Some say that governments can crack at 2^40 guesses per second, that would leave 35000 years of strength per password, however that is on average , they might get lucky and break it faster.
Or the 80 bit entropy is not actually 80 but only 60, because your RNG is too weak.
Or quantum computers might speed up the password cracking, and they might start cracking much faster.
So most cryptographers recommend 128 bits, and we should already transition to 256bits, when BTC will add Schnorr signatures:
https://en.wikipedia.org/wiki/Schnorr_signature
thanks for the links. Btw if you want a good article on 128 vs 256 you can check this one: https://blog.agilebits.com/2013/03/09/guess-why-were-moving-to-256-bit-aes-keys/.
What do you thunk about this?
https://steemit.com/security/@profitgenerator/generate-secure-random-passwords-or-private-keys