That’s a big rainbow table. Like, with just precomputed values and random ascii character passwords it’s on the order of 1042 entries. You can shave that down a bit probably with all the tricks rainbow tables use, but I think you’re safe.
Base85 contains just about every printable ASCII character, so I’ll use that as a base. 8516 ~= 1031 -> extremely huge, but still feasible at least for state actors. 8520 ~= 1039 -> if I read Wolfram Alpha’s comparison correctly, that is more information than is believed to be contained in the DNA of all living creatures combined. That’s why I’d recommend >= 20 characters.
State actors don’t generally need to break passwords. They ask the company “nicely” and they get what they want. The exception would be if that password is being used to encrypt data.
That’s a big rainbow table. Like, with just precomputed values and random ascii character passwords it’s on the order of 1042 entries. You can shave that down a bit probably with all the tricks rainbow tables use, but I think you’re safe.
Base85 contains just about every printable ASCII character, so I’ll use that as a base. 8516 ~= 1031 -> extremely huge, but still feasible at least for state actors. 8520 ~= 1039 -> if I read Wolfram Alpha’s comparison correctly, that is more information than is believed to be contained in the DNA of all living creatures combined. That’s why I’d recommend >= 20 characters.
State actors don’t generally need to break passwords. They ask the company “nicely” and they get what they want. The exception would be if that password is being used to encrypt data.