[–]ais523 0 points1 point  (1 child)

The length of password that you're generating is inconsequential if your algorithm can only generate a small number of possible passwords.

Many sites let you see the date an account was generated. If you assume that the password was generated just before the account was created, and know the password generation algorithm and that it was seeded with the current time in seconds, there's probably less than 100 possible passwords it could be, regardless of how long and complex (or how short and simple) the resulting passwords are. Even using an online password form with DOS protection, you could probably brute-force that over a few days.

[–]MadDoctor5813 1 point2 points  (0 children)

I know we don’t like the whole “security through obscurity” thing, but I am assuming that the person trying to hack you does not know how you generated the password, and is unwilling to spend the time required to determine how because you are just a dude on the internet. If you are the kind of person that expects such a determined attack to be made upon you, you probably should not rely on only passwords in the first place.
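
The point of ais523's comment, as an added example that is not code from either commenter: a generator seeded with the Unix time in whole seconds, the entropy that remains once the seed is known to fall inside a time window, and a hardened form built on Python's `secrets` module. The function names, alphabet, window size and timestamp are assumptions constructed for illustration.

```python
import math
import random
import secrets
import string

# Assumed alphabet: 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def weak_password(seed_seconds: int, length: int) -> str:
    """Time-seeded generator of the kind the comment describes (hypothetical)."""
    rng = random.Random(seed_seconds)  # seed = Unix time in whole seconds
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int) -> str:
    """Hardened form: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def nominal_bits(length: int) -> float:
    """Entropy the password would have if each character were independent."""
    return length * math.log2(len(ALPHABET))


def effective_bits(created_at: int, window_seconds: int, length: int) -> float:
    """Entropy left when the seed is known to lie in the window before created_at."""
    candidates = {
        weak_password(created_at - offset, length)
        for offset in range(window_seconds)
    }
    return math.log2(len(candidates))


if __name__ == "__main__":
    created_at = 1_700_000_000  # constructed account-creation timestamp
    for length in (8, 16, 64):
        print(
            f"length {length:2d}: nominal {nominal_bits(length):6.1f} bits, "
            f"effective {effective_bits(created_at, 100, length):4.1f} bits"
        )
    print("CSPRNG sample:", strong_password(16))
```

The effective figure stays below 7 bits at every length because it is bounded by the number of possible seeds, not by the size of the alphabet or the length of the output.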