@stevefoerster that's very misleading because you can't guess X million permutations over an Internet connection... If you have physical access to the machine, the password length doesn't really matter unless you're James Bond.
@pj
It is useful for cases where people reuse passwords and an attacker has access to the encrypted passwords on one machine. Password reuse is generally bad, but still common.
It can be relevant for when you its about decrypting data and not providing access. Like an encrypted disk or password store. There are also systems that can slow those down though, but not that widespread
@stevefoerster
@wmd @stevefoerster in that case, reusing the password is the vulnerability, not the password length. If the original system was compromised, they could just as easily modify the source to save pws as plaintext, assuming the software was hashing in the first place. It's a valid point to encourage longer passwords, I'm not denying that.
