Yup! But you also add all the previous password lengths as well, as an attacker will most likely not know the length of your password. To make it more accurate, I could've put in an 8-character minimum or something like that, but it wouldn't be too significant anyway given exponential growth with password length.
Yup! But you also add all the previous password lengths as well, as an attacker will most likely not know the length of your password. To make it more accurate, I could've put in an 8-character minimum or something like that, but it wouldn't be too significant anyway given exponential growth with password length.
Ah, right, totally forgot that an attacker needs to go through all lengths too, my mistake.