
> My takeaway is that it's more important to use a long password than to mix and match letters/digits/special characters

Yes. Trivially, if you use only two symbols (eg: "0" and "1"), a (random) password of 128 letters should be pretty safe. Note that your example of just 300 of one letter wouldn't be all that safe. In general, a good password won't really be easy to remember, because it needs to encode a lot of entropy.

More generally, you probably want log2(Nsymbols^length) >= 64, possibly >= 96 (ie: equivalent to at least 64 or 96 bits of entropy). If you're using big and small letters, digits, and say ten printable symbols, every single letter (each random pick of one of the 26+26+10+10=72 symbols) adds roughly 6.17 bits of entropy. So you'll need at least eleven letters in your password. If you just use small letters, every character in your password adds about 4.7 bits - so to "climb over" 64 bits of entropy, you'd need at least 14 letters in your password.

Using just digits, each digit 0-9 adds about 3.32 bits, so for 64 bits you'd need a string of 20 random* digits.

To enumerate half of 2^64 passwords at 200 million tries/second, would take about 2^63/(200 000 000 * 3600 * 24 * 365) ~ 1 499 years. Clearly, if you had 3 000 machines, you could do this in about half a year - so depending on your risk profile, you might choose to aim for 96 bits: 2^95/(200 000 000 * 3600 * 24 * 365) ~ 6 439 554 927 618 years ... (That's eg: 29 random digits).
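The arithmetic in the comment above, written out as a small script (an added example, not part of the original comment). It reproduces the bits-per-symbol, minimum-length and brute-force-time figures, and adds a crude sanity check for a concrete string: the entropy a password would have if it had been drawn uniformly from the character classes it contains, next to a bound based only on the distinct symbols it actually uses, which is what exposes a string like 300 copies of one letter. The guess rate, the 365-day year and the sample strings are constructed values taken from or chosen for the illustration; `string.punctuation` has 32 characters, so the class-based alphabet for mixed passwords comes out as 94 rather than the comment's 72.

```python
"""Password entropy arithmetic: bits per symbol, minimum length for a
target entropy, expected brute-force time, and a rough check of a given
string. Added example; not from the original comment."""
import math
import string

# Constructed assumptions: the comment's guess rate and its 365-day year.
GUESSES_PER_SECOND = 200_000_000
SECONDS_PER_YEAR = 3600 * 24 * 365


def bits_per_symbol(alphabet_size: int) -> float:
    """Entropy of one uniformly random pick from an alphabet of this size."""
    return math.log2(alphabet_size)


def password_bits(alphabet_size: int, length: int) -> float:
    """log2(alphabet_size ** length) for a uniformly random password."""
    return length * bits_per_symbol(alphabet_size)


def min_length(alphabet_size: int, target_bits: float) -> int:
    """Smallest length at which a uniformly random password reaches target_bits."""
    return math.ceil(target_bits / bits_per_symbol(alphabet_size))


def years_to_enumerate_half(bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Expected time to hit a random password: on average half the keyspace
    (2 ** (bits - 1) guesses) must be tried."""
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / (guesses_per_second * SECONDS_PER_YEAR)


# Character classes a random generator might draw from.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def inferred_alphabet_size(password: str) -> int:
    """Alphabet size implied by the character classes present in the string
    (the size a uniform generator over those classes would have used)."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def class_bits(password: str) -> float:
    """Entropy IF the string had been drawn uniformly from its inferred classes.
    This is an upper bound that badly overestimates non-random strings."""
    size = inferred_alphabet_size(password)
    return password_bits(size, len(password)) if size > 1 else 0.0


def distinct_bits(password: str) -> float:
    """Bound using only the symbols that actually appear: a string built from a
    single repeated symbol has log2(1) = 0 bits per position, whatever its length."""
    distinct = len(set(password))
    return password_bits(distinct, len(password)) if distinct > 1 else 0.0


if __name__ == "__main__":
    for size, label in ((72, "upper+lower+digits+10 symbols"), (26, "lowercase"), (10, "digits")):
        print(f"{label:32s} {bits_per_symbol(size):5.2f} bits/char,"
              f" {min_length(size, 64):3d} chars for 64 bits,"
              f" {min_length(size, 96):3d} chars for 96 bits")
    for bits in (64, 96):
        print(f"{bits} bits at {GUESSES_PER_SECOND:,} guesses/s:"
              f" ~{years_to_enumerate_half(bits):,.0f} years")
    # Constructed sample strings.
    for sample in ("a" * 300, "correcthorsebatterystaple", "Tr0ub4dor&3"):
        print(f"{sample[:24]!r:28s} class-based {class_bits(sample):7.1f} bits,"
              f" distinct-symbol bound {distinct_bits(sample):7.1f} bits")
```

The two bounds deliberately disagree for non-random input: the class-based figure tells you what a generator could have produced, the distinct-symbol figure tells you what the string in hand demonstrably contains, and only a string produced by an actual random process earns the first number.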
