I think I see your (and Yakk's) point now. The shorter strings that collide with a long passphrase are likely to be pretty random, so pretty much the only way to stumble upon them is brute force. "Tre6uch3t" itself is considerably less so, and can be reached by a dictionary attack.

gmalivuk wrote:
If my Twitter post passphrase collides with the hash for 20 random ASCII characters, and yours is just a mangling of "trebuchet", then an attacker is orders of magnitude more likely to get your actual password than to hit upon either my Twitter post or any of the shorter strings that collide with it. Meaning my passphrase is orders of magnitude better than yours.

So, if passwords are actually chosen randomly, then my point stands. But as long as the space from which passwords are actually chosen is significantly smaller than the space available (bits in the hash), then longer is still better even though it leads to collisions.
I agree with this. Thanks, and thanks Yakk too, who said pretty much the same thing even more clearly.