xkcd

[dsawatzky]

My frigging bank won't allow me to use special characters. You would think out of all the institutions out there that would take care to allow more secure passwords, banks would be about #1 on the list. Apparently not.

MY bank introduced stricter passwords, and I cried fowl - now I have to write down my passwords or I won't have access to my money (nor my wife) - making it even less secure!
Plus they introduced secret questions where THEY pick the questions - which doesn't always work for joint accounts - because how the heck is my wife supposed to remember my first pets name? OR my best friends name in kindergarten... AND they authenticate based on IP address, so if my wife wants to log in she has to email or call me for the answers to my 'secret' questions!


I also complain to websites that host nothing more sensitive than a forum, yet enforce secure passwords - and then don't even bother to offer an https:// page, sending my new hard to crack password through the network in plain text. Like cnet.com, and maximumpc.com... shouldn't they know better?

[dracolytch]

None of my (relatively simple) passwords have ever been cracked.

My bank has exposed my personal information
Sony has exposed my personal information
My graduate school has exposed my personal information
A previous job has exposed my personal information
And I've had my credit card number stolen by a waiter/waitress once or twice

At this juncture, evidence suggests I am not the weak link.

[frinklabs]

In a former job as the network admin for a content delivery organization, I was tasked to find the longest english word that could be typed with one hand.

At the time, it was stewardesses

Later examination of the documentation of the Frink progamming language shows that devertebrated is longer.

Yes, it was ADULT content delivery.

[Dave]

This seems like a good time to shamelessly plug my website:

http://www.passwordcard.org/

It generates colour coded, credit card sized, printable cards for you which you can use to choose strong passwords that you don't have to remember. Instead, you remember a coloured symbol, like "green dollar" or "purple square". You keep it in your wallet, which you already know how to protect well. It has its faults, but it's much safer than most people's current password practices...

Eh, by remembering X (colour) and Y (symbol) coordinate, doesn't that give you only ONE letter on the chart then though?

RTFM You read along from the starting point, in whatever order you like, for whatever number of characters you like, and use that as your password.

So to break it, someone needs to a) get to your password card b) know your starting point c) know your direction and d) know how many characters you are using. Plus any other logic you've used, like skipping every other character or whatever.



http://howsecureismypassword.net sounds like a great website to collect frequently used passwords to use later in brute force attacks!

[javahead]

I really don’t think it matters how secure your password is (except for more important things like online banking and PayPal). As long as your pissed off friend/boy/girlfriend can’t get into something that’s important to you by typing “password”. Honestly, how many people want to mess-up your xkcd forum account? The password is only there so someone can’t, on a complete whim, decide to be you.
(but if you like making nerdy arch-enemies, watch out)

On an unrelated note my friend has had a 42-letter password for his laptop for years. Apparently he's far ahead of the game.

In the race to carpal tunnel syndrome?

[Andrusi]

I suddenly find myself thoroughly convinced that Stephen Hillenburg initially conceived of SpongeBob SquarePants as a means of remembering his password.

The last panel reminds me of memorizing four-digit PINs, which I accomplish by associating them with characters from the appropriately-numbered installments of a certain video game series.

It occurs to me that you could make an extremely secure password by memorizing a series of operations that would produce a longish string of seemingly arbitrary numbers and converting that to hex, then entering the result. Am I missing something important here?

If you have to use paper for your operations, that's as bad as just writing down your password. So you have to limit the password length such that you'll be able to reliably perform all the necessary math correctly in your head.

[gavin]

Everyone I know who actually deals with ethical hacking (and a few who are not so much on the ethical side of things) says that size is all that matters when it comes to password length. I was most recently taught that 15 characters (assuming it's still not a single word) completely changes the dynamic of how long it takes to hack. This is because it changes the password type.

Computers currently use two invisible boxes that contain 7 characters of the password each. More complex characters like symbols make it take longer but not by much. Of course, not placing symbols in this <15 character setup means it will only take a few minutes to crack. correcthorsebatterystaple is 26 characters and therefore insanely good (aside from the fact that it is now a common term). Every character past the 15 mark increases difficulty in terms of years.

All the companies that demand symbols and numbers should alternatively allow 15+ character passwords. Why is this not a given already?

[password]

The calculation in the comic assumes that you already know the "recipe" used to build the password you want to brute force. Granted, the number of existing recipes probably won't make up for the difference, but I don't think every recipe is known.

My highest security password is pretty long. My only complaint is that it is easy to make mistakes when typing it, because you can get lost in the middle due to not being able to see the characters. I think I'm a reasonably good touch typer, so what I've noticed is that if I type the password quickly, without thinking, it's usually OK, but if I type slower, I make mistakes.

Sometimes I wonder if more password fields should offer the option of showing the characters. The vast majority of the time, I'm alone at home or in my office when I type my password. So, barring a hidden camera, there would be no risk in showing the password. (And if a spy is going to all the trouble of installing a hidden camera with a good enough resolution to read my screen, they might as well install a keylogger first!)

[blabla12]

dear randall,
awesome comic as always.. blabla
can u explain me pls, where did u get those entropy values?
just post some kind of a formula here and ill be more than happy
thx

[Kit.]

For extra security, use backquotes.
\"password\" really messes with most cracking programs.

There was a site where I could use `rm -rf /` as my password - and then get a funny result.

And yes, Randall already has a comic on this topic.

[Ehsanit]

I'd say a good yet easy to remember password is something like: bbbbbhunter2cccccddddd

entropy (in the sense generally used) is not really necessary, as long as most "bruteforcers" aren't trying to do
of course, if it gets common to repeat many letters in a password, bruteforcers will start to try that, but even then it's not easy (how many letters? which ones? in which position? case sensitive?)

I can't believe no-one has pointed this out, but such a password is particularly weak when it comes against a shoulder surfing attack.It is incredibly easy to see what someone's typing when they hammer the same key again and again.

[Jeff S]

What is the strength of a password generated by initialism? That is, taking a long phrase, like a few stanzas from a poem, scripture verse, quote from a favorite book or movie, or something along those lines, preserving case, and using the first, or last, or second letter of each word, maybe throw in spaces after individual phrases, and preserve the punctuation in the poem?

Example:

Poem excerpt from "The Raven" by E.A. Poe
"Once upon a midnight dreary, while I pondered weak and weary,
Over many a quaint and curious volume of forgotten lore, . . ."

Which you might transform into the password:

"Ouamd, wIpwaw, Omaqacvofl"

On the one hand, your punctuation might be very limited (mostly commas, periods, question marks, exclamation marks, and maybe quotation marks), you'd have some spaces, mixed caps, and perhaps numbers, but maybe not.

[Harry Voyager]

Code: Select all

phrase: Everything should be made as simple as possible, but not simpler.
site: xkcd
password: esb4dmasapbns

The only problem with this is when sites require you to use numbers, odd characters, mixed case, and so on.

That's the method I recommend to friends and family. If the site requires odd characters, just do what you did for the number - capitalize the nth letter, and toss a # or & in next to the number and you have most cases covered.

Problem is, after explaining this to friends and family, I find they still use the simple 1-word or 1-word + number method. I'm starting to think a password generator like KeePass or the ones that come with fingerprint scanners are the only practical answer. People are not just resistant to hard-to-remember passwords, they're also resistant to hard-to-type passwords. The generators do the typing of the hard-to-type hard-to-remember for you, making it much more likely to be used.

Also keep in mind that you're supposed to use a different password for every site (or at least the important ones). My dad typed his password into a phising email, and unfortunately it was the password he used for everything including bank accounts. It took a few days to hit all the sites he could think of where he had accounts, and change every password. Having a different password for each account is still hard to do with memorized passwords. But using a generator makes it easy.

The main drawback of the generator in my experience is that if you lose access to the machine(s) with the generator installed, you're locked out of all your accounts. I keep my email as a memorized password, so worst-case I can reset the password on an account and get in that way.

The limitation that I ran into with having a different password for every important site is that, just in my private sphere, I have 17 different passwords that can either access my fiscal information, or my data in various federal entities, including credit cards, band accounts, car loans, student loans, car insurance, federally issued licenses, tax returns. Most of these I use less than once a month, and many I haven't needed to use in years. My Ham license, for example, doesn't expire until 2020, and I don't expect to use that account until then.

I ask you, how do you remember something for years, that you do not use?

[PurdueSi2]

Don't remember it. Use Lastpass.

All client-side encryption. Only your encrypted data is uploaded to their servers. You can backup offline if you're worried about not being able to get your passwords if their servers are down. Even if their servers are hacked, all the hackers get is your encrypted data, so you're still safe. Multifactor authentication, Yubikey support. I can go on and on, but it's hands down the best password mgmt plugin out there.

You just remember 1 very strong password, and it remembers the rest. I have 120 some site logins, and every one has a different password. All randomly generated...

If you need more convincing, there's a security now podcast that goes very in depth as to why it's safe.

Episode #256. http://www.grc.com/securitynow.htm

EDIT: Forgot to mention it's FREE.

[Nem]

Again with that RETARDED “longer > complexerererer” straw man argument? *sigh*

I think you misunderstand the basis of the argument. The 'blocks' you're remembering in the case of a pass-phrase are the words themselves - the password is in effect four or so blocks long, whereas the blocks from some suitably abstract gobbledigook are the characters themselves.

The difference is that there are many more words that you might be using than there are characters you might be using, so the search space expands much more quickly. Gobbledigook will net you more blocks but they're drawn from a smaller search space.

Yes, there is unicode which has a potentially greater search space tied to each block than a dictionary does - but it's not on the keyboard (hard to input) and few of the characters are familiar to us so it's not memorable. What'll happen is people do silly things, pick the characters that they use a lot in regular life and append it to their password in some way and declare it secure. The counter to which is of course to search those regularly used characters first - just as dictionary attacks will search the regularly used words first.

Of course the ideal password would just be a few hundred KBs of background radiation.... But that's excessively paranoid.

[zheak]

To everybody saying lockout timers protect you, the real threat isn't an attack on the website form, it's an attack on their database/password file which is becoming increasingly common. (google: sony hack).

Once they get a hold of the list, the game is over far sooner than you might think. Assuming 1000 attempts per second is laughable. Last year, a computer with four radeon hd5970 cards could brute force more than 30 BILLION guesses per second. (http://blog.zorinaq.com/?e=43) Be certain newer hardware can do significantly better.

at 30 billion pure brute-force guesses a second:

your 8 character case-insensitive letters-and-numbers password is cracked in 90 seconds.
your 8 character case-sensitive letters-and-numbers password is cracked in 2 hours.
your 8 character letters-numbers-symbols password is cracked in 3 days.

Of course this is assuming they bother to hash your passwords at all, many sites simply store your passwords as cleartext, completely removing the need to brute-force anything. A good warning sign is if they send your password in an email after signing up or completing their password recovery tool.

[coffeecat]

I love security, but not as much as I'd hate typing "Meinin aeide thea Horsebatterystaple Achileos oulominein" on a touchscreen keyboard the size of a stick of gum. Especially if I'm supposed to catch my mistakes when it echoes what I type as "***********************************************************************"

[SpringLoaded12]

There's a way to make the former type of password memorable.
Rather than some random-ass word, make it a memorable phrase from a movie. Say you want to use a Star Wars quote (don't, pick something at least somewhat more obscure), so now the potential password is "iamyourfather".
When replacing letters with numbers, be consistent. Don't replace one instance of a particular letter but not the other instance, that's what makes it confusing.
So now we've got "14my0urf47h3r".
Toss in a special character ("!" works well) to trip up some of the simpler dictionary attack software, now we've got "14my0urf47h3r!". It's a convoluted mess, but because you know how it was made that way, you can remember it.
Try a different phrase though. Maybe "playitagainsam" or "ishotamaninreno" or "canttouchthis".

So now I'm going to have to change all my passwords to correct horse battery staple.

I guess it's a small price to pay for security, but I'm going to miss hunter2.

Oh my god, someone else who reads bash/QDB? I never thought I'd find one...

Oh, where to start...

Most sites have a maximum password length, somewhere in the 10-15 character range.

Those sites piss me the hell off! Like you wouldn't believe how much they piss me the hell off!

I once encountered a site where the password had to be exactly 10 characters. Worst thing ever.

[Jeff S]

And really, how secure is Tr0ub4dor&3 when you use it for every site, like many people do? (http://xkcd.com/792/)
(#792 actually made me decide to revise my passwords to all the sites I visit at least somewhat frequently. Now, I use a different password for almost every site, and they consist of interspersed letters, numbers, and punctuation. In fact, they look a lot like troubador over there. And yes, I do remember them all )

This is why I kind of like the idea of OpenId (or at least, something similar; it might be that OpenId has some sort of implementation flaw that makes it unsuitable). I wouldn't use an OpenId login, I think, for something *important* like online banking, online health records/bills, etc; but, seems like for something like the XKCD forums, slashdot, most online magazine/news websites comment systems, etc, OpenId has the advantage that, *even though* I'm essentially using the same password on every site, the sites should never see the password, and if the account gets compromised, I should be able to change that password once and it's effectively changed everywhere (instead of having to try to remember every website I've registered the password with).

Can anyone comment on what the potential weaknesses of a system like OpenId are? Just sort of guessing here, but I think the likely problems might be:

* Spoofing/MITM - go to a site, click the "OpenId Login" button, but what pops up isn't really your OpenId Server's page, but instead a man-in-the-middle page which reports the password to the site owner and only then passes the password over to the OpenId Login Server to verify that you actually typed your correct password, then saves the harvested password locally.

* I've seen a number of websites where you can *either* login with your OpenId account, OR a "local" account username/password. Once logged in with OpenId, you can change the "local" account email address and password, then disable the OpenId login. This means that if someone compromised your OpenId password even temporarily, they would have a window of opportunity to go in and start taking over your accounts by changing the "local" email addy and password, then disable OpenId and you are locked out of your account. This is a big problem, and not one that OpenId itself can't solve - website developers have to be aware of this, and give users the option to either make the OpenId login the *only* login, now-and-forever, OR, require the local password before allowing any 'administrative' changes to the account (such as updating the local password or email address).

[neuromancer92]

Can someone help me out with Randall's calculation of Tr0ub4dor&3? His entropy estimations dont make a whole lot of sense to me. His estimations on things like "unknown order" are a little odd, but I'm assuming their an estimate from smarter-than-brute-force (cracker assuming a word of some kind then characters, because the whole thing is unknown order to brute force?) What's particularly throwing me is his character entropy values... Seems to me that in a full-ASCII password, all characters benefit from the increased entropy unless we assume a crack order of, say, lowercase-uppercase-numeral-symbol (which we very well might, I suppose). Either way, I guess its primarily getting 16 bits from Tr0ub4dor that I cant quite understand?

[TaylorP]

I suddenly find myself thoroughly convinced that Stephen Hillenburg initially conceived of SpongeBob SquarePants as a means of remembering his password.

I was never really a fan of SpongeBob, but he definitely fits Randall's password system!

[correcthorsebatterystaple]

I am offended that my name is being used as a password. How would you like it if "Randall Munroe" was the most common password? (Oh, wait, that is my password... Dang it)!

-Correct Horse Battery Staple, Jr.

[fmobus]

Just use this ... where ever possible... anyone can do ctrl c ctrl v ... and encrypt the file you store those in... safely

https://www.grc.com/passwords.htm

Ok, I know it's probably not the case for this generator, but the following attack just crossed my mind:

1) create a neat password generator
2) massively advertise on social networks
3) ...
4) profit


The trick is to have the generator work with very limited entropy, so that a brute-force is actually trivial even thou the suggested passwords look random to the lay user. If you somehow manage to track who is using your generator (facebok like's, tweets, etc), you kinda have evertything you need to hack them.

[shiznits]

I would like to thank all of you that have given me great information on how to create a brute force algorithm specific to your password cracking needs.

[enricofosaveo]

Many password requirements in corporate America require some mixed case, some numeric content, and some non-alphanumeric. Therefore, you need to augment with a scheme to include those characters.

I've always been a fan of the pseudo-acronym approach. Pick a lyric from your favorite tune, a verse from your favorite poem, or a line from your favorite book. Make your password the first character from each word, plus add the requisite numeric and non-alphanumeric characters. It also makes password hints easier, if supported.

Example: From "The Low Spark of High Heeled Boys" -- Traffic

"The percentage you're paying is too high priced, while you're living beyond all your means."

Password = Tpypithp,wylbaym.0
Hint = spark % nothing

Easy to type (just remember the lyric and type the first letter of each word as you recite it in your head). non-alphanumerics through punctuation is almost automatic. The digit is just there to appease the password strength checkers, but even without it this scheme will provide very, very high levels of password strengths.

If you do forget and have a password hint mechanism or if you simply have to write something down, the hint tells you everything you need to know without revealing much. What song; what verse; what numeric character...

[Spoe]

(gee, what happens when you're trying to do a brute-force search and someone limits your search space to concatenated English words?... you jump around saying "yippee! yippee!")

Not really, even if you limit yourself to a small subset of the full English language. Take the 1000 most common words and concatenate four of them (without duplicates). The number of candidate passwords is 1000!/(1000 - 4)! or as close as makes no difference to 10^12 or about 40 bits of entropy or roughly 31 years at 1000/second. Yeah, a lot faster than not treating it as concatenated words, but still much, much slower than the first password. Note that neither "battery" nor "horse" are in any of the several top 1000 English word lists I've checked, so this wouldn't have cracked "correcthorsebatterystaple".

Make it the 5000 most common words and you're up to about 49 bits of entropy.

[goibee]

I get the point that Randall is making, that we are making an error in the way we are encouraging people to exchange passwords. But could someone explain to a layman who knows little about computers why 4 random words are harder to guess then the random gibberish and what all those squares and stuff mean

thanks

[Cosmologicon]

Wow, lots of good information in this thread, but I'm amazed at how many people don't understand password strength. The comic does it exactly right. Basically, the more possible passwords your password-generating algorithm can generate (assuming it generates them all with equal probability), the better it is. For the most part, it doesn't matter whether it uses symbols or English words or what.

If you can't do the math, here's my rule of thumb: generate 10 passwords. Do a Google search for 9 of them. If all 9 of them return 0 hits, then the tenth one is good enough to use. A password I used to use when I was young and stupid (0okm9ijn8uhb) is shown to be terrible using this method, even though howsecureismypassword.net says it would take 600 years to crack.

I would like to thank all of you that have given me great information on how to create a brute force algorithm specific to your password cracking needs.

Here's mine. Best of luck!

Code: Select all

tr -dc "[:alnum:]" < /dev/urandom | fold -b12 | head

[webgrunt]

No matter what your password is, anyone could hire a couple of thugs to beat it out of you with a wrench (I think this was an XKCD comic). The ONLY way to have true security is to select a complicated passphrase that not even you can remember.

[Lem0n]

I'd say a good yet easy to remember password is something like: bbbbbhunter2cccccddddd

entropy (in the sense generally used) is not really necessary, as long as most "bruteforcers" aren't trying to do
of course, if it gets common to repeat many letters in a password, bruteforcers will start to try that, but even then it's not easy (how many letters? which ones? in which position? case sensitive?)

I can't believe no-one has pointed this out, but such a password is particularly weak when it comes against a shoulder surfing attack.It is incredibly easy to see what someone's typing when they hammer the same key again and again.

that's not a concern for me, because:
1) I'm usually not worried about people that are around me (I probably know them somehow)
2) it's unlikely that they're trying to steal my password
3) I still have some entropy in my password (they may figure out I'm hammering the same keys, but not see which ones exactly, or the other part of the password)
4) I bet as much as you want that "shoulder surfing attack" is responsible for less than 1% of password steals around the work. Way less.

[ARVash]

To all those claiming that the concatenated words is a weakness, let's consider the average dictionary, 50,000 words.

50000 ^ 4 = 6.25 * 10^18

Yeah. I'd love to see you brute force

Walrus Flatulent Creamed Corn

That's GIVEN that you are only looking for people using the word concatenation pattern, GIVEN that they haven't mispelled anything, GIVEN they haven't replaced the o's with 0's, GIVEN they aren't using mixed case.

I'm willing to bet Walrus Flatulent Creamed Corn is at least 10 orders of magnitude more secure than your password.

[Ehsanit]

4) I bet as much as you want that "shoulder surfing attack" is responsible for less than 1% of password steals around the work. Way less.

Depends on who your "attacker" is. If some criminal who wants your bank details, certainly he's not going to be watching you type it in on your home computer. But if it's your little brother who wants to wreck a bit of havoc on your facebook page or take a nosy peek at your emails, that would be by far the easiest way to get in (unless of course you've done something particularly dumb like left it logged on in the first place.)

[Ehsanit]

No matter what your password is, anyone could hire a couple of thugs to beat it out of you with a wrench (I think this was an XKCD comic). The ONLY way to have true security is to select a complicated passphrase that not even you can remember.

Or maintain plausible denyability. Truecrypt does this exceptionally well, letting you use a false password to access a bunch of dummy secrets as though you'd used the real one.

http://www.truecrypt.org/docs/?s=plausible-deniability

[Mechphisto]

According to this site:
https://www.grc.com/haystack.htm
greater entropy occurs the more TYPES of characters you use versus length.
The site makes a convincing case to me. It's example:
D0g...............
is a more effective password than a long string of random characters, simply because it DOES have a lower, an upper, a number, and a symbol.

Is this not so?
Thanks for feedback!

[dmm]

First I laughed. Then I thought he was dead wrong because he was assuming each character was independent. That's bad logic. Then I calculated and realized his error doesn't matter.
Assume roughly 2000 common English words. Each can be in one of four locations. That's 2000^4. That's 16e12.
Randall's (bad logic) estimate is 2^44. That's (2^4) * (2^10)^4. That is approximately 16 * (10^3)^4. That's 16e12.
By the way, Koko the chimp could sign about 2000 words. So Koko could make strong passwords. If you can't, you're dumber than a chimp.

[espadrine]

First I laughed. Then I thought he was dead wrong because he was assuming each character was independent. That's bad logic. Then I calculated and realized his error doesn't matter.
Assume roughly 2000 common English words. Each can be in one of four locations. That's 2000^4. That's 16e12.
Randall's (bad logic) estimate is 2^44. That's (2^4) * (2^10)^4. That is approximately 16 * (10^3)^4. That's 16e12.
By the way, Koko the chimp could sign about 2000 words. So Koko could make strong passwords. If you can't, you're dumber than a chimp.

Randall's logic isn't bad. His calculation of entropy assumes 2048 words, ie, 2^11 (hence his 11 bits per word). The calculation then is (2^11)^4 = 2^44.

On the other hand, I have a hard time understanding what you thought he meant.

[Silicon]

Out of my head, Randal. Had one of these arguments with the g/f last night, probably as you drew it...

[zaratustra]

Like this?

http://dl.dropbox.com/u/3923260/xkcdword.html

[Oktalist]

Having done some brute force password cracking this comic isn't truthful to real life from my experience. When brute forcing a password you can do various types of attacks but the larger the pool of characters for each character of a password, the higher total # of password possibilities. Example. A 5 character all lower case password provides 11,881,376 possibilities whereas a 5 character password using upper case, lower case and 0-9 produces 916,132,832 possibilities. That password would be potentially 77.10 times harder to crack using brute force methods than first example.

That's a naive brute force approach. This is dictionary-based.

Again with that RETARDED “longer > complexerererer” straw man argument? *sigh*

That's not the argument at all. "correcthorsebatterystaple" _is_ complexerer than Tr0ub4dor&3. It just so happens to be longer as well, but that is not argued to be the basis of its relative strength.

“correct horse battery staple” = [a-z ]^28 = 27^28, or realistically probably [a-zA-Z -]^28 = 54^28, or, at best, 64^28.
But in the REAL WORLD, that’s cracked in no time with a simple dictionary attack. Which for myspell/de_GB.dic is less than 46281^4!

46281^4 is still greater than 64^10, a typical "random" password of [[:alnum:][:punct:]]. But that's not the kind of password the comic is advising against. The undesirable kind of password is a single dictionary word with a few character substitutions and appended digits, more like 46281*(20^10), which is an order of magnitude weaker.

If only ONE of those is a Unicode char, suddenly the brute force system has to be used and suddenly even 256^x doesn’t do it anymore: (remember, this is just a comparison while keeping the length)
“✔orrect horse battery staple” = realistically 109449^28 (Unicode 6.0), or even when going blindly for 16 bit, it’s still 65536^28.

If the attacker expects only one non-ASCII character, then it's not 109449^28, but (64^27)*109449*28. Or in the REAL WORLD, as you say, (46281^4)*109449*28. (*28 because he doesn't know which of the 28 chars is the unicode one.) Mixed-caps and selective character substitutions would give an equivalent or better strengthening.

Everyone I know who actually deals with ethical hacking (and a few who are not so much on the ethical side of things) says that size is all that matters when it comes to password length. I was most recently taught that 15 characters (assuming it's still not a single word) completely changes the dynamic of how long it takes to hack. This is because it changes the password type.

Computers currently use two invisible boxes that contain 7 characters of the password each.

That's not any hashing function that I know of. Sounds like it could be a Windows thing.

The trick is to have the generator work with very limited entropy, so that a brute-force is actually trivial even thou the suggested passwords look random to the lay user. If you somehow manage to track who is using your generator (facebok like's, tweets, etc), you kinda have evertything you need to hack them.

Oooh, that is just... Oh!...

You are an evil genius, sir.

And an excellent advertisement for open source crypto.

_{For me, the best password generation is still an acronym of a memorable phrase unique to me with some character substitutions.}

[Jamaican Castle]

Am I really stupid and missing something, or is all this brute force discussion made moot by the fact that most websites lock you out for 5 - 60 minutes after ~5 failed password attempts?

If a hacker gets access to a database containing your password, then those time-based protections won't help you.
Normally passwords are hashed, so that they are unreadable. If the database uses a good hash, the only way to retrieve your password is via brute force. Thus the discussion of entropy.

But it doesn't matter how "random" your password was when you generated it - now that it exists as a specific password, there's no randomness involved at all*. If our hypothetical cracker was able to decrypt the password table for the website (or whatever) in question, which is entirely a matter of the security they, not you, have in place, then you're hosed. If on the other hand they can't and all they have is an encrypted version, then it doesn't matter since even simple phrases are unrecognizably mangled.

Unless, I suppose, they can come up with a list of possibilities from the hashed version, but the only thing I can see the size of that list varying by is length, not content, of the password.

I guess the real takeaway here is, don't do business with companies too woefully incompetent to protect their password files.

* the exception is something that generates each password from the previous one, like a garage-door opener, but that's not what we have here.