How Secure is my Sh*t?
I've been using KeePassXC for several years now on Linux and Mac computers. On iPhone and iPad, Strongbox can read from and manipulate the same database. Recently, I wanted to know just how secure my stuff is. What does it really mean to an attacker that my password has n bits of entropy?

I assume you already know what entropy means for a password, but here's a simple primer: Suppose your password consists of upper- and lowercase characters, numbers and spaces. That gives you an alphabet of 2*26+10+1, or 63, possible characters to choose from. That's just a tad less than 2^6, so we'll fudge and say that each character gives you 6 bits of entropy. If you generate a password with 12 random characters from this alphabet, it will have 12 * 6, or 72 bits of entropy.

How good is that? That was the question that kept bugging me. Just how strong is any number of bits of entropy? How long would a brute force attack take that guesses every possible hash of 12 characters c...
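
The primer's arithmetic as an added Python example (not from the original post): it computes the exact entropy for the 63-character alphabet instead of the rounded 6 bits per character, and converts entropy into search time. The guess rates and the helper names are assumptions chosen for illustration, not measurements.

```python
import math
import secrets
import string

# The primer's alphabet: upper- and lowercase letters, digits and the space (63 symbols).
ALPHABET = string.ascii_letters + string.digits + " "

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Exact entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def generate(length=12):
    """Draw each character independently and uniformly from a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def years_to_search(bits, guesses_per_second, fraction=0.5):
    """Years needed to cover `fraction` of a 2**bits keyspace (0.5 = average case)."""
    seconds = fraction * 2 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def min_length(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest random password that reaches at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))

# Hypothetical guess rates (assumed values, not benchmarks of any real system).
ASSUMED_RATES = {"1e6 guesses/s": 1e6, "1e9 guesses/s": 1e9, "1e12 guesses/s": 1e12}

if __name__ == "__main__":
    exact = entropy_bits(12)
    print(f"sample password: {generate()!r}")
    print(f"rounded estimate: 72 bits, exact: {exact:.2f} bits")
    for label, rate in ASSUMED_RATES.items():
        print(f"{label}: {years_to_search(exact, rate):.3g} years on average")
    # Because 63 < 2^6, 12 characters fall slightly short of a full 72 bits.
    print(f"characters needed for a full 72 bits: {min_length(72)}")
```
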