27.06.2018, 17:22
Quote:
This actually isn’t a good idea. The trend in passwords is towards things that are hard for people to remember, but really easy for computers to guess, since they literally don’t care about the difference between S and $. Meanwhile people will try and meet the requirements in the simplest way possible, with something like p4S$word - and they all think they’re really clever because they used @ instead of a, which is not clever at all and all the good crackers know about literally every replacement scheme. A MUCH better scheme (known as “correct horse battery staple”) is to have the user select four random words (there are services for this, but they tend to use a reduced word set - just flick through a dictionary, or get a word from the back of a shampoo bottle or something):
glossy lock pillar stinky

VASTLY easier to remember, and VASTLY harder to crack. See the XKCD comic that introduced it: https://www.xkcd.com/936/
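
An added example, not part of the quoted post: a password-policy check that undoes common character substitutions before consulting a blocklist, next to a four-word passphrase generator and its entropy estimate. The blocklist, substitution table, word list and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample data. A real deployment would load a large blocklist
# and a word list with thousands of entries.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "dragon"}
SAMPLE_WORDS = ["glossy", "lock", "pillar", "stinky",
                "harbor", "violet", "magnet", "cactus"]

# Substitutions that users reach for first (assumed table, not exhaustive).
SUBSTITUTIONS = str.maketrans({
    "4": "a", "@": "a", "$": "s", "5": "s",
    "0": "o", "3": "e", "!": "i", "7": "t",
})


def normalize(candidate):
    """Lower-case the candidate and reverse the common substitutions."""
    return candidate.lower().translate(SUBSTITUTIONS)


def is_disguised_common_password(candidate):
    """True if the candidate is a blocklisted word once substitutions are undone."""
    return normalize(candidate) in COMMON_PASSWORDS


def passphrase_entropy_bits(wordlist_size, words=4):
    """Entropy of `words` independent, uniform picks from the word list."""
    return words * math.log2(wordlist_size)


def generate_passphrase(wordlist, words=4):
    """Pick words with the OS CSPRNG; human-chosen words are not uniform."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    print(is_disguised_common_password("p4S$word"))   # meets complexity rules, still blocklisted
    print(passphrase_entropy_bits(2048))              # four words from a 2048-word list
    print(generate_passphrase(SAMPLE_WORDS))
```

The entropy figure only holds when the words are drawn at random from the list, which is why the generator uses `secrets` rather than leaving the choice to the user.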