Further, he noted that “Criminal gangs have built botnets from thousands of computers infected with their malware. Marshaling large numbers of these computers they control might allow them to crack a five word passphrase in a reasonable amount of time.” (Gosney’s 25-GPU cluster attacked the NTLM cryptographic algorithm that Microsoft has included in every version of Windows since Server 2003. It’s known to be much more vulnerable to cracking than other algorithms. Gosney’s machine wouldn’t perform as fast against PBKDF2, for instance.)
UPDATE: In a followup e-mail to Ars, Gosney noted that “The figures are based on a brute-force attack that targets a single hash. Due to the nature of GPU computing, attacks that combined multiple words are potentially much slower.” At the moment, “Since there are no tools that currently combine three or more words, we don’t really know for sure how much slower it would be.”
In Reinhold’s Diceware FAQ, he writes that “Six words may be breakable by an organization with a very large budget, such as a large country’s security agency. Seven words and longer are unbreakable with any known technology, but may be within the range of large organizations by around 2030. Eight words should be completely secure through 2050.”
Seven-word Diceware passwords should be considered today for some high-value systems, such as Bitcoin wallets, he wrote. “I do not claim to be an expert on Bitcoin, but some Internet searching suggests that many Bitcoin wallets do very little key stretching. That and the fact that wallets are often used to store large sums of money, make them a very attractive target,” he wrote.
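The arithmetic behind the word counts above, as an added example (not code from the Ars article or from Reinhold's Diceware FAQ): each word drawn from the 7776-entry Diceware list adds about 12.9 bits, so every extra word multiplies the attacker's work by 7776, and an iterated KDF such as PBKDF2 divides the attacker's effective guess rate by its iteration count. The guess rate of 10^12 per second, the 100,000 PBKDF2 iterations, the "divide by iterations" cost model and the placeholder word list are all assumptions made for the example, not figures from the article.

```python
# Added example (not from the Ars article or from Reinhold's Diceware FAQ):
# cost of guessing an N-word Diceware passphrase, and how key stretching
# changes the attacker's effective guess rate.
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5          # the standard Diceware list has 7776 words
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def roll_dice(n=5):
    """Roll n dice with a CSPRNG; Diceware uses five rolls per word."""
    return tuple(secrets.randbelow(6) + 1 for _ in range(n))


def roll_to_index(rolls):
    """Map a five-dice roll to a 0-based list index: 11111 -> 0, 66666 -> 7775."""
    index = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError("a die shows 1..6")
        index = index * 6 + (r - 1)
    return index


def generate_passphrase(wordlist, num_words):
    """Pick num_words words by dice roll; wordlist must have 7776 entries."""
    if len(wordlist) != DICEWARE_LIST_SIZE:
        raise ValueError("Diceware needs a 7776-word list")
    return [wordlist[roll_to_index(roll_dice())] for _ in range(num_words)]


def entropy_bits(num_words, list_size=DICEWARE_LIST_SIZE):
    """Bits of entropy in a passphrase of num_words uniformly chosen words."""
    return num_words * math.log2(list_size)


def keyspace(num_words, list_size=DICEWARE_LIST_SIZE):
    """Number of distinct passphrases of num_words words."""
    return list_size ** num_words


def expected_crack_years(num_words, guesses_per_second, list_size=DICEWARE_LIST_SIZE):
    """Average brute-force time: half the keyspace at the given guess rate."""
    return keyspace(num_words, list_size) / 2 / guesses_per_second / SECONDS_PER_YEAR


def stretched_guess_rate(raw_hashes_per_second, iterations):
    """Simplified cost model (assumption): an iterated KDF such as PBKDF2 divides
    the attacker's guess rate by its iteration count, because every guess costs
    that many underlying hash computations."""
    return raw_hashes_per_second / iterations


def strength_table(guesses_per_second, iterations=1, word_counts=(5, 6, 7, 8)):
    """Map word count -> (entropy bits, average years to crack) for one attacker."""
    rate = stretched_guess_rate(guesses_per_second, iterations)
    return {n: (round(entropy_bits(n), 1), expected_crack_years(n, rate))
            for n in word_counts}


if __name__ == "__main__":
    # Constructed placeholder list standing in for the real 7776-word Diceware list.
    placeholder_words = [f"word{i:04d}" for i in range(DICEWARE_LIST_SIZE)]
    print(" ".join(generate_passphrase(placeholder_words, 6)))
    # Hypothetical attacker: 10^12 guesses/s against a fast unsalted hash, and the
    # same hardware against PBKDF2 with an assumed 100,000 iterations.
    for label, iters in (("fast hash", 1), ("PBKDF2, 100k iterations", 100_000)):
        print(label)
        for n, (bits, years) in strength_table(1e12, iters).items():
            print(f"  {n} words: {bits} bits, ~{years:.3g} years on average")
```

Running the script shows the two levers the article discusses: adding a word multiplies the average cracking time by 7776 regardless of attacker, while key stretching multiplies it by the iteration count, which is why a wallet that does "very little key stretching" needs more words to reach the same cost for an attacker.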
Remembering long passwords is hard, especially if you’re trying to remember a lot of them. That’s why security experts recommend using a password manager, which generates random passwords for websites you need to log into, requiring you to only remember one password to unlock the password management software. Diceware isn’t the only method for creating a strong master password, but if it’s the method you prefer, a five-word password is no longer recommended.