HACKER Q&A
📣 modzu

Is This a Secure Password?


!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

why or why not?


  👤 kazinator Accepted Answer ✓
It's a weak password because it has a simple description: 30 repetitions of !.

This generalizes to a space which still has a simple description and is very small: the set of all strings of lengths 1 to 30 that are repetitions of an ASCII character.

If we assume 95 printable ASCII characters, the entire dictionary of these strings is just 2850 entries.

Repetition is one of the most obvious ways of building a longer string, and of encoding long strings of symbols in a short program.
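The counting argument in the answer above, as an added Python example that is not part of the original post. It goes beyond single-character repetition to any repeated unit ("abcabc"), and takes the 95-character alphabet and 30-character limit from the answer; the function names are illustrative.

```python
import math

# Assumptions taken from the answer: 95 printable ASCII characters, lengths 1 to 30.
ALPHABET_SIZE = len(range(32, 127))  # 95 printable ASCII code points
MAX_LEN = 30


def smallest_period(s: str) -> int:
    """Length of the shortest unit u with s == u * k; len(s) if s is not a repetition."""
    if not s:
        raise ValueError("empty password")
    # s reappears inside s+s at an offset p < len(s) exactly when
    # s is a p-character unit repeated.
    return (s + s).find(s, 1)


def repetition_dictionary_size(max_len: int = MAX_LEN, unit_len: int = 1) -> int:
    """Upper bound on strings of length <= max_len built by repeating a unit_len-char unit."""
    return ALPHABET_SIZE ** unit_len * (max_len // unit_len)


def assess(password: str) -> dict:
    """Compare the naive per-character estimate with the size of the pattern dictionary."""
    n = len(password)
    period = smallest_period(password)
    brute_bits = n * math.log2(ALPHABET_SIZE)
    if period < n:
        # The password sits in the small "repeated unit" dictionary.
        size = repetition_dictionary_size(max(MAX_LEN, n), period)
        effective_bits = min(brute_bits, math.log2(size))
    else:
        effective_bits = brute_bits
    return {
        "length": n,
        "period": period,
        "is_repetition": period < n,
        "brute_force_bits": brute_bits,
        "effective_bits": effective_bits,
    }


if __name__ == "__main__":
    # Constructed sample inputs; the first is the password from the question.
    for pw in ("!" * 30, "abcabcabcabc", "correct horse"):
        r = assess(pw)
        print(f"{pw!r}: period={r['period']} "
              f"naive={r['brute_force_bits']:.1f} bits, "
              f"pattern-aware={r['effective_bits']:.1f} bits")
```

A password policy check can call `assess()` and reject anything where `is_repetition` is true, regardless of length.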


👤 warrenm
Steve Gibson would say[0] it's better than "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" because it's a character longer

This article[1] disagrees because of the difference in bounding entropy high or low.

NIST[2] says the following (by way of [3]):

> 4 bits - first character

> 2 bits - each of next 7 characters

> 5 bits - characters 9-20

> 1 bit - each character over 20

In short ... go for long passphrases whenever possible over passwords (and, of course, hope your target hashes them well!)

------------

[0] https://www.grc.com/haystack.htm

[1] https://treskal.com/kha/blog/2011/08/26/how-much-entropy-in-...

[2] https://web.archive.org/web/20040712152833/http:/csrc.nist.g...

[3] https://blog.augustschell.com/passwords-passphrases-complexi...


👤 night-rider
8Ty]t4"=O7`!9RM$8SqlAhy0(H+:7Dj?7S-BOL]crNnE+|!i^Q#T3b4zG`v6dW'f@bQTPM)T;}7axj9lspY31Xf4vsr4Y@yZw"Loqy4*

'Password too long'