xkcd: Password Strength

The correct horse battery staple from the above XKCD is a good example, but I'll give you another one. Let's pretend you are trying to remember: banana army acid nose spray. I would probably imagine an army of bananas doing acid while being sprayed out of a giant nose. And if you start to include somewhat nonsensical phrases like "correct horse battery staple", that opens things up even more. Including other things like spacing, capitalization, misspellings, made-up words, or even prepending or appending a "traditional" password gets you even more still.

Dylan16807 on Jan 15, 2017. If you pick completely random words from the dictionary, you get about 17 bits ...

Plotting this on our chart with both Bitcoin mining and clustered hobbyist password cracking, we see: ...

I know Randall Munroe of XKCD fame created the "correct horse battery staple" comic, advising everyone to create 4-word passphrases. This is fine, provided that those 4 words meet that minimum 70 bits of entropy. In order for that to happen though, the word list needs ...

