
I think the creator's comment is talking past the original post: in my reading, it wasn't suggested that a random 20-character password was successfully brute-forced due to a weak KDF. My reading was that the target likely had a strong non-random password, one that was derivable via OSINT or post-seizure forensics (i.e., playing password keyword soup). The KDF's weakness made a search for that password feasible where a strong KDF (like Argon2id) would have prevented it.

In other words: nothing about the scenario requires the target to have failed to engage in proper password management or even password selection (beyond the minor but extremely normal decision to use a memorable password rather than a random one).



Something like correct horse battery staple can be guessed on the first try; no KDF will save you then.


And 128 characters chosen by quantum decay in an airgapped facility would be unassailable. But among the many passwords between the two, there is a band of passwords which were reasonably secure under a threat model that excluded massive GPU attacks, and are not reasonably secure when one includes them.


Something I have wondered about as a nerdy person is just typing in your favourite bit of maths (as LaTeX) or similarly pseudocode. Utterly memorable to you, highly unlikely to be memorable to other people, high use of special characters and non-English words, and a reasonable number of characters are generated without brain power. A bad example of this perhaps would be "i\hbar\frac{∂}{∂t}|\psi\rangle=H|\psi\rangle". Burned into my brain, typable quickly on a keyboard with known special character locations (replace ∂ with \partial if that is a concern) and almost _certainly_ not in a wordlist. Shannon entropy of ~4.3, equivalent to ~240 bits of key, and a specific metric entropy of ~0.1.


Honestly that's a pretty good idea, since there are still enough LaTeX commands that you're sitting pretty even with a LaTeX-augmented dictionary attack. Still though, I've never had trouble memorizing 5-word passwords even with weird capitalization patterns, and they're really easy to type compared to anything with a special symbol. Then again I only have 3 passwords on hand and not in a manager, so who knows?


Cleverness can't compete with real entropy. There's a reason that ping-pong balls, and not mathematicians, generate the weekly lottery numbers.

Say there are a million cool math phrases, and for each one, a million different l33tspeak ways of expressing it. That's 10^12 possibilities, or around 2^40, which was coincidentally the US export limit for encryption tools in the 1990s (i.e., weak then and much weaker 30 years later). Maybe that doesn't sound horrible to you, but what are the chances that your scheme is so weird that a dictionary builder wouldn't generate it?

Better to stick with the xkcd/diceware/BIP-39 family of methods. Those algorithms intentionally lack cleverness.


I mean 40 bits is better than a correct-horse-battery-staple format password by a little bit. The space of all interesting equations is presumably tiny, but I do think I could memorize a random twenty-expression password almost as well as I could remember 6 or 7 words (since many random arrangements will be somewhat meaningful). I'll stick with my 5 random words because they're easy to type, but so long as you draw at random it really doesn't matter what you're sampling from.


"presumably tiny"

That's right. My million-x-million estimate was rhetorically generous. (xkcd's specific example was about 44 bits.)

OP -- not to put too fine a point on it, but it's a terrible idea. So much money has been lost to brain wallets in the digital-currency space by people who picked obscure song lyrics, wrote it backward in pig latin, capitalized every third letter etc. etc. etc. and then wondered why their balances were zeroed out. You want the competition to be about the limits of physics, not about the limits of your creativity vs. an army of computers.

Read Moonwalking with Einstein by Joshua Foer to see how easy it is to memorize things using the memory-palace technique (https://en.wikipedia.org/wiki/Method_of_loci). Anyone can remember a 10-word phrase, especially if you build it up by adding a word or two every few weeks. The key is to start with something unguessable, as ravi-delia says, like https://iancoleman.io/bip39/. If you start with something guessable like a transliterated math expression, then you brought a knife to a gun fight.
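The disagreement between the "~4.3 bits/char, ~240 bits" figure upthread and the "10^12 ≈ 2^40" estimate comes down to two different entropy measures, and the earlier point about a weak KDF is about what that 2^40 costs to enumerate. The following is an added example (not from any commenter) that computes both measures for the quoted LaTeX string and passphrase schemes, then applies an assumed guess rate for a fast hash versus a slow KDF; the rates are illustrative assumptions, not measurements.

```python
import math
from collections import Counter

# Constructed sample: the LaTeX expression quoted in the thread above.
LATEX_PASSWORD = r"i\hbar\frac{∂}{∂t}|\psi\rangle=H|\psi\rangle"


def shannon_bits_per_char(s: str) -> float:
    """Per-character Shannon entropy of one string (bits/char).

    This is the measure behind the "~4.3 bits/char" figure. It describes how
    spread out the characters are, not how hard the string is to guess: an
    attacker enumerating well-known equations never samples characters at random.
    """
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scheme_bits(candidates: int) -> float:
    """Guessing entropy of a scheme: log2 of the number of equally likely
    candidates an attacker must enumerate (e.g. phrases x mutations)."""
    return math.log2(candidates)


def passphrase_bits(wordlist_size: int, words: int) -> float:
    """Entropy of n words drawn uniformly from a wordlist: xkcd ~2048^4,
    Diceware 7776^n, BIP-39 2048^n (ignoring its checksum bits)."""
    return words * math.log2(wordlist_size)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit a uniformly chosen secret of `bits` entropy:
    on average half the space is searched before the hit."""
    return 2 ** (bits - 1) / guesses_per_second


if __name__ == "__main__":
    yr = 365.25 * 24 * 3600
    # Assumed guess rates (illustrative): fast unsalted hash on a GPU rig vs.
    # a memory-hard KDF tuned to roughly 10^4 guesses/s per attacker.
    fast_hash, slow_kdf = 1e10, 1e4
    per_char = shannon_bits_per_char(LATEX_PASSWORD)
    print(f"per-char Shannon: {per_char:.2f} bits/char x {len(LATEX_PASSWORD)} chars "
          f"= {per_char * len(LATEX_PASSWORD):.0f} bits (not a guessing-cost estimate)")
    for label, bits in [("1e6 phrases x 1e6 mutations", scheme_bits(10**6 * 10**6)),
                        ("xkcd 4 words / 2048", passphrase_bits(2048, 4)),
                        ("Diceware 5 words / 7776", passphrase_bits(7776, 5)),
                        ("BIP-39 12 words / 2048", passphrase_bits(2048, 12))]:
        fast = expected_crack_seconds(bits, fast_hash) / yr
        slow = expected_crack_seconds(bits, slow_kdf) / yr
        print(f"{label:30s} {bits:6.1f} bits  fast hash: {fast:9.2e} yr  slow KDF: {slow:9.2e} yr")
```

The per-character figure comes out around 4.2 bits/char for the quoted string, while the scheme-level figure for a million phrases times a million mutations is just under 40 bits; the KDF only multiplies the cost of the latter, it does not change the exponent.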


Oh yeah, rereading it's clear they meant specific equations, not just using LaTeX expressions as the corpus.


Once this idea becomes popular, it will get into brute-force probing templates.

My approach now is phrases in a few words in different languages, ideally transliterated from non-Latin scripts; it makes the search space much larger while preserving memorability.


Only if you're sure you'll never have to type it when the keyboard layout is set to something different from what you're used to. Good luck remembering where these special chars are...


That’s a third thing: most people don’t use either random passwords or XKCD-style passwords; they use a combination of words, letters, and punctuation that contains some memorable context. That generally produces very mediocre (but not completely terrible) passwords, which a strong KDF then transforms into an infeasible amount of work.



