I don't think correcthorsebatterystaple is easier to crack than the Troubador variation. Hash cracking often includes the use of a wordlist and a ruleset which builds variations on the words from a wordlist. Some common ones I use for my job are OneRule and Hob0Rules. Notably, I did run the word "troubador" through these and did not get the final result of "Tr0ub4dor&3", but they did both produce "Tr0ub4dor". These rulesets both produce > 50k passwords from a single word to guess, so it's not outside the realm of possibility to have more/better rulesets that are used.
On the other hand, while it's definitely feasible to take a wordlist and make random permutations of sticking words together, I think in general that sort of password is used less often.
100% agree password managers are the way to go, but for people that aren't using them I would definitely suggest long/multiple random words together over a short leetspeak password with a special char/number tacked onto the end.
https://github.com/NotSoSecure/password_cracking_rules
https://github.com/praetorian-inc/Hob0Rules
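An added example, not part of the comment above and not code from OneRule or Hob0Rules: a defender-side strength check that reduces a password to its dictionary base word and compares the resulting search space with a multi-word passphrase. The tiny wordlist, the de-leet mapping and the `dict_size` parameter are constructed assumptions, and the mangled-word figure assumes some rule reaches the variant, which the comment notes was not the case for "Tr0ub4dor&3" with these two rulesets.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a large dictionary.
WORDLIST = {"troubador", "password", "correct", "horse", "battery", "staple"}

# Reverse of common leetspeak substitutions (assumed mapping, not taken from any ruleset).
DELEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s"})

RULES_PER_WORD = 50_000  # the comment's figure: > 50k candidates per base word


def mangled_base_word(password, wordlist=WORDLIST):
    """Return the dictionary word a password reduces to, or None."""
    # Count trailing digits/symbols, then try every amount of suffix stripping.
    tail = len(password) - len(password.rstrip(string.digits + string.punctuation))
    for cut in range(tail + 1):
        core = password[:len(password) - cut].lower().translate(DELEET)
        if core in wordlist:
            return core
    return None


def split_passphrase(password, wordlist=WORDLIST):
    """Segment a string into wordlist words (word-break DP), or return None."""
    best = {0: []}
    for end in range(1, len(password) + 1):
        for start in range(end):
            if start in best and password[start:end] in wordlist:
                best[end] = best[start] + [password[start:end]]
                break
    return best.get(len(password))


def estimate_guesses(password, dict_size, wordlist=WORDLIST):
    """Classify a password and estimate the candidates needed to cover its class."""
    if mangled_base_word(password, wordlist):
        # One base word, expanded by a ruleset.
        return "mangled-word", dict_size * RULES_PER_WORD
    words = split_passphrase(password.lower(), wordlist)
    if words and len(words) > 1:
        # Words chosen independently and uniformly at random (assumption).
        return "passphrase", dict_size ** len(words)
    return "unknown", None


if __name__ == "__main__":
    for pw in ("Tr0ub4dor&3", "correcthorsebatterystaple"):
        print(pw, estimate_guesses(pw, dict_size=2048))
```
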