Why is a long passphrase better than a complex short password?

Entropy increases linearly with length but exponentially with the character set. A long passphrase (like four random words) is easier to remember but significantly harder for a computer to crack via brute force than a short, complex string like 'P@ss1'.

How does TrueRNG help in password generation?

TrueRNG uses the Web Crypto API (CSPRNG), ensuring that the random values used to pick characters or words are statistically unpredictable, unlike standard library generators which might have patterns.

What is the Diceware method?

Diceware is a method for creating passphrases by using dice (or a secure RNG) to randomly select words from a large list. This creates high-entropy secrets that are human-memorable but machine-uncrackable.

Best Practices

The Guide to Secure Passwords: Size Matters

Jan 2026

1. The Thermodynamics of Brute Force: The Physics of Cracking

The modern digital landscape is no longer a playground for the intellectually curious; it is a battleground defined by the cold, hard thermodynamics of computational power. In the domain of information security, specifically regarding authentication and credential guarding, the adversary is not a human being sitting at a keyboard making educated guesses. The adversary is a mathematical engine, a relentless thermodynamic process designed to exhaust the probability space of your secrets. The security of a password is not defined by its cleverness, its linguistic flair, or its mnemonic utility. It is defined strictly by the amount of energy and time required to locate it within a mathematical search space.

We are currently witnessing a paradigm shift in the economics of brute-force attacks. This shift is driven by the commoditization of high-performance computing, specifically the evolution of the Graphics Processing Unit (GPU). The NVIDIA RTX 4090 is not merely a consumer device for rendering video games; it is a weaponized mathematical accelerator. Its architecture, designed for massive parallelism, happens to be perfectly optimized for the bitwise operations that constitute cryptographic hashing.

When we scale this to a cluster—a standard configuration for password cracking rigs—the numbers become incomprehensible to the human mind. An eight-card cluster of RTX 4090s pushes this throughput into the Terahash range. At these speeds, the concept of "time" changes. We are no longer talking about years or months. We are talking about milliseconds.

Live Simulation: GPU Throughput

Guesses attempted by a high-end cluster since you loaded this page:

Based on ~100 Billion hashes/sec

The physics of this attack vector are rooted in the architecture of the GPU. Unlike a Central Processing Unit (CPU), which is designed for serial processing and complex logic branching (making it a "Ferrari" that can drive fast but only carry a few passengers), a GPU is a massive array of thousands of smaller, simpler cores (a fleet of 10,000 buses). For password cracking, we do not need complex logic. We need to perform the same simple mathematical operation (hashing) on billions of different inputs simultaneously. This is an "embarrassingly parallel" problem. The RTX 4090, with its 16,384 CUDA cores, can theoretically check tens of thousands of passwords in a single clock cycle.

This commoditization of power renders traditional advice obsolete. We have told users for decades to "make it complex." We told them to replace 'a' with '@' and 'i' with '1'. This advice, often referred to as "Leetspeak," is a dangerous myth in the face of modern hardware. If the password is short—standard 8 characters—complexity is irrelevant. The mathematical space of an 8-character password, even utilizing every printable ASCII character, is roughly $6.6 \times 10^{15}$ combinations. To a human, that is a vast number. To a cluster of RTX 4090s running Hashcat, that is an afternoon's work.

Key Concept

The attacker does not guess your password; they do not try to psychoanalyze you. They exhaust the mathematical space. They burn electricity to calculate every possible permutation until the hash matches. If the space is small enough to be traversed, you are compromised.

1.1 The Evolution of Hashcat and Hardware

The tool of choice for this thermodynamic assault is Hashcat, widely acknowledged as the world's fastest password cracker. Hashcat is a specialized piece of software that interfaces directly with the GPU hardware, bypassing the operating system's graphical layers to run raw OpenCL or CUDA code.

The evolution of Hashcat mirrors the evolution of the hardware itself.

CPU Era: Early cracking was done on CPUs. It was slow.
GPU Era: The introduction of programmable shaders allowed hackers to offload math to the graphics card.
ASIC/FPGA Era: Specialized hardware (Application Specific Integrated Circuits) exists for specific algorithms (like Bitcoin mining), but for general password cracking, high-end consumer GPUs remain the sweet spot of flexibility and raw power.

The latest benchmarks for the RTX 4090 reveal the terrifying efficiency of this software-hardware pairing.

MD5: A legacy hashing algorithm still shockingly prevalent. A single RTX 4090 hits ~163.4 GH/s.
SHA-1: Another deprecated but common algorithm. Speed: ~58.5 GH/s.
SHA-256: The standard for modern security (and Bitcoin). Speed: ~21.7 GH/s.
NTLM: The Windows logon hash. Speed: ~285.8 GH/s.

Note the disparity. NTLM is broken at speeds ten times faster than SHA-256. This is because NTLM (based on MD4) requires fewer bitwise operations per hash. This physics dictates that Windows passwords must be significantly longer than web passwords to offer the same level of time-based security.

1.2 The Myth of Complexity

Why is "complexity" a myth? Because it addresses the wrong variable in the entropy equation. Complexity increases the density of the search space (the number of options per slot), but it does not change the dimensionality (the number of slots).

When a user changes password to P@ssword!, they believe they have outsmarted the hacker. In reality, they have simply moved from a dictionary attack to a rule-based attack. Hashcat has a "Best64" rule set—a list of the 64 most common transformations humans apply to passwords. Capitalizing the first letter is Rule #1. Appending a digit is Rule #2. Replacing 'a' with '@' is Rule #3.

An RTX 4090 does not care if you added a symbol. It consumes the "complex" password just as easily as the simple one, provided the length is short. The computational cost of checking the symbol set is negligible compared to the exponential cost of adding length.

2. The Mathematics of Entropy (The PhD Section)

To understand why length is the only metric that matters, we must abandon qualitative descriptions and embrace Information Theory. Security is not a feeling; it is a quantity. That quantity is Entropy, measured in bits.

Entropy quantifies the uncertainty inherent in a random variable. In the context of passwords, it represents the minimum number of bits required to encode the total number of possible passwords in the search space. It is a measure of the "work" an attacker must perform.

2.1 The Fundamental Formula

The entropy (E) of a password generated by a truly random process is determined by the size of the character set (N) and the length of the password (L).

The formula is derived from the Hartley Entropy equation:

E = L × log₂(N)

Where:

E is the Entropy in bits.
L is the Length of the password (number of characters).
N is the Cardinality of the Character Set (the pool of unique symbols available).

This equation reveals the fundamental asymmetry of password strength.

N (Character Set) is inside the logarithm. Increasing N yields diminishing returns.
L (Length) is the multiplier. Increasing L yields linear growth in bits, which translates to exponential growth in the Search Space (S).

The Search Space (S) is the total number of permutations:

S = N^L

Interactive Entropy Lab

PASSWORD LENGTH (L)

8 chars

Entropy:

46 bits

⚠️ Vulnerable to fast brute force.

2.2 The Proof: Exponential vs. Linear Scaling

Let us mathematically prove why adding length is superior to adding complexity.

Baseline:

Assume a password of length L = 8 using only lowercase letters (N = 26).

S_base = 26⁸ ≈ 2.08 × 10¹¹

E_base = 8 × log₂(26) ≈ 37.6 bits

Experiment A: Increasing Complexity (The "Special Character" Approach)

We instruct the user to use uppercase letters, numbers, and symbols (N = 95). We keep the length at 8.

S_complex = 95⁸ ≈ 6.63 × 10¹⁵

E_complex = 8 × log₂(95) ≈ 52.5 bits

Experiment B: Increasing Length (The "Passphrase" Approach)

We instruct the user to keep using only lowercase letters (N = 26) but we increase the length to 12.

S_long = 26¹² ≈ 9.54 × 10¹⁶

E_long = 12 × log₂(26) ≈ 56.4 bits

Comparison: Even though Experiment A used a much richer alphabet (95 symbols vs 26), Experiment B is stronger. The search space of the 12-character lowercase password is roughly 14 times larger than the 8-character complex password.

Now, consider the TrueRNG approach: High Complexity (N = 95) AND High Length (L = 16).

S_secure = 95¹⁶ ≈ 4.4 × 10³¹

E_secure = 16 × log₂(95) ≈ 105 bits

The difference between 52 bits and 105 bits is not "double." It is a logarithmic scale. 105 bits is 2⁵³ times stronger than 52 bits. 2⁵³ ≈ 9,000,000,000,000,000. The 16-character password is nine quadrillion times harder to crack than the 8-character complex password. This is the proof. Mathematical scaling heavily favors the exponent (L) over the base (N).

2.3 Visualizing Entropy: The Security Cliff

To visualize this, imagine a bar chart representing the bit-strength of various password strategies. The "Security Cliff" is the threshold where brute force becomes impossible.

P@ssword1 (8 chars): This bar is barely visible. Due to dictionary rules, its effective entropy is near zero. Even treated as random, it sits at ~50 bits.
correct-horse-battery-staple (4 words): Popularized by XKCD. Assuming a dictionary of 2048 words, the entropy is log₂(2048⁴) = 44 bits. This is surprisingly low and vulnerable to modern GPU clusters.
TrueRNG (16 chars): This bar towers over the others. At 105 bits, it exceeds the "NIST Recommendation" and enters the realm of cryptographic keys.

This visual demonstrates that while "Passphrases" (XKCD style) are better than "Password123", they often fail to reach high entropy unless 5, 6, or 7 words are used. Random alphanumeric strings generated by TrueRNG are the most efficient way to achieve high entropy per character.

3. The "Time to Crack" Analysis (Table)

Theory is necessary, but kinetics are persuasive. We must translate "bits" into "time." How long does it actually take an attacker to break these passwords using the hardware described in Section 1?

For this analysis, we assume an attacker possesses an 8-GPU Cluster of NVIDIA RTX 4090s.

Target Hash: NTLM (Windows Authentication). This is chosen because it is fast to crack and critical for corporate security.
Combined Hash Rate: Approx. 2,200 GH/s (2.2 × 10¹² hashes per second).
Formula: We assume the password is found, on average, halfway through the search:

Time = (0.5 × N^L) / HashRate

Password Style	Example	Entropy	Crack Time (RTX 4090)
Weak Human	Summer2025!	< 20 bits	Instantly
Short Complex	Tr0ub4!&	~52 bits	~25 Minutes
Medium Lower	houseplant	~47 bits	~32 Seconds
Medium Mixed	HousePl@nt	~59 bits	~2.1 Days
Long Lower	unpredictable	~61 bits	~6.3 Days
Standard Secure	8xK#m9L$vP2q	~79 bits	~7,700 Years
TrueRNG	8xK#m9L$vP2q!nZ7	~105 bits	~690 Billion Years

Analysis of the Data

The table reveals several terrifying truths about modern security:

The 8-Character Death Zone: A fully random, complex 8-character password (Tr0ub4!&) is no longer secure. It falls in less than an hour. This invalidates the default password policy of millions of organizations worldwide.
The Human Pattern Failure: Summer2025! is 11 characters long. Mathematically, it should be strong. In reality, it is broken instantly. Why? Because the attacker uses a "Mask Attack." They assume the format <Word><Year><Symbol>. This reduces the search space from $95^{11}$ to roughly Dictionary Size × 50 × 10. It essentially has the entropy of the root word, which is negligible.
The TrueRNG Solution: Jump to row 6 and 7. By moving from 10 characters to 16 characters, we move from "crackable in a weekend" to "crackable only after the sun burns out." This is the only safe harbor.

It is crucial to note that these times vary by algorithm. MD5/NTLM are fast. Bcrypt/Argon2 are slow. However, you do not choose the algorithm; the service provider does. Many legacy systems still use NTLM. You must password-protect assuming the weakest hashing algorithm is being used.

4. The Solution: CSPRNG vs. Human Bias

If length is the shield, then randomness is the structural integrity of that shield. A 16-character password is useless if the characters are predictable. This brings us to the critical distinction between Pseudo-Randomness, Human Randomness, and True Randomness.

4.1 The Failure of Human "Randomness"

The human brain is an excellent pattern recognition machine, which makes it a terrible random number generator. When we attempt to create randomness, we invariably create structure.

Keyboard Walks: Analysis of millions of breached passwords reveals that humans heavily rely on the geometry of the keyboard. Patterns like qwert (top left), asdfg (middle left), and xcvbn (bottom left) appear millions of times.
Regional Bias: In France, the pattern is azerty; in Germany, qwertz. Attackers know this. They do not just brute force; they "toggle" keyboard layouts in their attack profiles.
Distribution Bias: When asking a human to type a random string, they will almost never type aa or 77. We perceive repetition as "not random," even though true randomness dictates that repetitions must occur. By avoiding repetition, we reduce the search space, aiding the attacker.
Semantic Anchors: We anchor our passwords to reality. "2024" and "2025" are currently the most dangerous substrings to include in a password. They allow attackers to mask the last 4 digits of a password with 100% certainty.

4.2 The Trap of Math.random()

For developers building password generation tools, the temptation is to use the built-in JavaScript function Math.random(). This is catastrophic.

The Mechanism: In V8 (Chrome/Node.js), Math.random() uses an algorithm called xorshift128+. This is a Pseudo-Random Number Generator (PRNG).
The Flaw: PRNGs are deterministic. They start with a "seed" and produce a sequence of numbers based on math. If you know the seed (often the current time) or if you can observe a sequence of outputs, you can calculate the internal state of the generator.
The Exploit: Once the state is known, the attacker can predict every future number the generator will produce. If you use Math.random() to generate a user's session ID or password, an attacker can generate the exact same password on their machine.

4.3 The Gold Standard: CSPRNG via TrueRNG

To defeat the GPU, we need Cryptographically Secure Pseudo-Random Number Generators (CSPRNG). In the browser and Node.js, this is accessed via crypto.getRandomValues().

Entropy Pool

Mouse movement, thermal noise, keystrokes.

Web Crypto API

window.crypto.getRandomValues()

Secure Password

8xK#m9L$vP2q!nZ7

The TrueRNG device feeds physical noise into the OS kernel's entropy pool. When you call crypto.getRandomValues(), you are effectively pulling bits derived from quantum chaos. This is nondeterministic. Even if an attacker has the same device, they cannot reproduce your noise.

5. Implementation: Secure Password Generator Code

Generating a secure password is not as simple as picking random characters. A naive implementation introduces Modulo Bias, a subtle statistical flaw that compromises high-security environments.

5.1 Understanding Modulo Bias

Suppose we have a character set of 62 symbols. We generate a random byte (0-255) and map it to a character using the modulo operator: index = random_byte % 62. A byte has 256 values. 256 ÷ 62 = 4 with a remainder of 8. This means the first 8 characters of our set will be mapped to by 5 byte values, while the rest are mapped to by only 4.

Result: The first 8 characters are 25% more likely to appear than the others. Over a 16-character password, this bias accumulates, significantly reducing the effective entropy.

5.2 The Solution: Rejection Sampling

To fix this, we use Rejection Sampling. We calculate a "limit"—the largest multiple of our character set size that fits within 256. If we generate a random byte that falls above this limit (into the "remainder zone"), we simply reject it and generate a new one. This ensures that every character in our set has an exactly equal probability of being chosen.

true_rng_password.js True RNG Ready

/**
 * GENERATE SECURE PASSWORD (TrueRNG Compatible Logic)
 * Uses CSPRNG (crypto.getRandomValues)
 * Implements Rejection Sampling to eliminate Modulo Bias.
 */
function generateSecurePassword(length = 32) {
  // 1. Define the Character Set (N=94 printable ASCII)
  const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-_=+{};:,.<>?";
  const charsetLength = charset.length;

  // 2. Calculate the 'Limit' for Rejection Sampling
  // 256 / 94 = 2.72 -> max factor is 2. Limit = 2 * 94 = 188.
  const limit = 256 - (256 % charsetLength);

  let password = "";
  const randomBuffer = new Uint8Array(1);

  // 3. Generate Random Bytes using CSPRNG
  while (password.length < length) {
    window.crypto.getRandomValues(randomBuffer);
    const randomByte = randomBuffer[0];

    // 4. Rejection Sampling Check
    if (randomByte < limit) {
      password += charset[randomByte % charsetLength];
    }
  }
  return password;
}

Generate Master Password

Length 24

Click Generate

6. Deep Dive: The TrueRNG Hardware Ecosystem

While the software implementation above is robust, it relies on the operating system's entropy pool. In high-stakes environments—such as generating Master Keys for a certificate authority—the quality of that entropy is paramount.

6.1 The Physics of TrueRNG

The TrueRNG series of devices address the "Deterministic Problem" of computers. A computer is a logic machine; it cannot, by definition, do something random. To get real randomness, we must leave the digital world and enter the analog world. TrueRNG devices utilize the Avalanche Effect in a semiconductor junction (specifically a Zener diode).

Mechanism: When a reverse voltage is applied to a Zener diode, it eventually breaks down and allows current to flow. This flow is not smooth; it is noisy, characterized by random fluctuations of electrons tunnelling across the junction. This is Quantum Noise.
Extraction: The device amplifies this analog noise, digitizes it, and applies a "Whitening" process. Whitening removes any bias ensuring a 50/50 bit distribution.

6.2 Hardware Versions and Throughput

The speed at which you can generate passwords depends on the entropy generation rate. TrueRNG V2/V3 outputs around 400 kbits/second. TrueRNG Pro achieves speeds up to 3.2 Mbits/second. For a Sysadmin generating a single 32-character password, any version is instant. However, for a server handling thousands of SSL handshakes per second, the "Pro" version prevents entropy starvation.

6.3 OS Integration

On Linux, the device appears as a USB CDC serial port. The rngd command pipes data from this port into the kernel's entropy pool (/dev/random), "filling the tank" so crypto.getRandomValues() draws from high-quality hardware sources.

7. The Human Element: Why We Fail

Despite the availability of TrueRNG and CSPRNGs, the vast majority of breaches are due to human failure.

7.1 The Illusion of Randomness

Humans suffer from the "Clustering Illusion." If you flip a coin 10 times and get HTHTHTHTHT, a human says "That looks random." If you get HHHHHHHHHH, a human says "That's not random." In reality, both sequences have the exact same probability ( ${0.5}^{10}$ ). When users create passwords, they unconsciously avoid clusters, creating a "fingerprint" that Hashcat rules exploit.

7.2 The "Year" Vulnerability: 2025

The current calendar year is a massive vulnerability. By using "2025", you are not adding 4 characters of entropy ( $95^{4}$ ). You are adding 1 item of entropy. This reduces the search space for those 4 slots from 81 million possibilities to roughly 5 possibilities.

7.3 The Transformation Fallacy

Users believe P@ssword is stronger than password. This is false. Hashcat rules automatically toggle a->@, s->$, o->0. This is a 1-to-1 mapping. It adds zero effective entropy against a rule-based attack.

Conclusion

Length is King. Randomness is Queen.

The era of the memorizable password is over. The physics of silicon has surpassed the capacity of the human biological neural network to generate randomness. We are in an arms race against thermodynamic engines of calculation—the GPUs—and our only defense is the exponential wall of mathematics.

Do not rely on cleverness. Do not rely on "complex" substitutions. Do not rely on Math.random(). Embrace the chaos of the universe. Use a CSPRNG. Set your length to maximum. And let the attackers burn their energy against the infinite wall of entropy you have constructed.

Action Plan for the Security Conscious

Immediate Audit: Check your Master Password. Is it less than 16 characters? Change it immediately.
Tooling: Implement the Secure Password Generator code provided above in your internal tools.
Hardware: If you manage keys for an organization, acquire a TrueRNG device to ensure your entropy pool is not the weak link.
Policy: Enforce a "Length over Complexity" policy. 20 characters of lowercase is better than 8 characters of chaos.

Detailed Research Appendix

A.1 The History of Randomness: From Von Neumann's "Middle-Square Method" disaster to the modern Hardware Random Number Generator (HRNG) utilizing quantum noise.

A.2 Anatomy of the RTX 4090 Attack: Why SIMD (Single Instruction, Multiple Data) architecture makes GPUs a fleet of 16,000 buses compared to the CPU's Ferrari.

A.3 The Semantic Patterns of Failure: 1qaz, pl09, and the geographic predictability of QWERTY vs AZERTY layouts.

A.4 Modulo Bias: The mathematical proof of why Rand % 3 creates a 25% bias against the number 2.

A.5 The Future: Quantum Computing and Grover's Algorithm effectively halve bit-strength. To maintain 128-bit security, we will need 256 bits of entropy (32 characters).

References & Further Reading

RTX 4090 Benchmark - Hashcat
NVIDIA RTX 4090 Benchmark HC 7.0.0
Password Security Length vs. Complexity
The Math Behind a Strong Master Password - Packetlabs
What is password entropy? - Proton
Navigating Randomness in JavaScript: Math.random() vs Crypto.getRandomValues()
TrueRNG V2 from ubld.it Electronics
Scripts, Drivers, and Utilities for TrueRNG - GitHub

Need secure data now?

Generate passwords, matrices, and lists instantly.

Go to Generator