
Re: See what a weak password will get ya?



Frank Gevaerts <frank@gevaerts.be> said on Fri, 23 Jul 2004 10:44:34 +0200:
> On Thu, Jul 22, 2004 at 07:24:01PM -0700, Scarletdown wrote:
> > I second that recommendation.  I always prefer to have passwords with 
> > the following features:
> > 
> > Minimum of 8 characters
> > At least 1 capital letter
> > At least 1 lower case letter
> > At least 1 number
> > At least 1 special character
> 
> Except that in an ideal world where everyone uses random passwords, this
> kind of restrictions actually makes the password easier to guess.

That's precisely what I was thinking.

For each character range of size N that you *must* choose, you
diminish the keyspace by a factor of N/256.

So, if you must have a capital letter, there goes a factor of 26/256 ~
1/10.

If you must have a capital letter or a number, then that's now 36/256.

If you must have an underscore, then you lose a factor of 256. Whoa!

Of course, the 256 in all of the above should really be quite a lot
less (maybe 26+10+10 or so special chars?) because most people don't
enter high ascii and control characters into their passwords - maybe
they should :)

-- 
TimC -- http://astronomy.swin.edu.au/staff/tconnors/
Chairman: I'm glad to see so many bright-eyed and bushy-tailed people
here at this time of the morning.  
From the audience: Actually, most of us are rabid. -- From an astro talk
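
An added worked calculation, not part of the original message: an exact count, by inclusion-exclusion, of the fixed-length passwords that satisfy the composition rules quoted in this thread, compared with the unrestricted count over the same alphabet. The class sizes (26 upper, 26 lower, 10 digits, 10 specials) are assumptions loosely based on the message's "26+10+10 or so" estimate, and the function names are hypothetical.

```python
from itertools import combinations
from math import log2

# Assumed character classes (sizes are an assumption, not from the thread).
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "special": 10}


def unrestricted(length, classes=CLASSES):
    """Number of strings of `length` over the whole alphabet, no rules."""
    return sum(classes.values()) ** length


def compliant(length, required, classes=CLASSES):
    """Number of strings of `length` containing at least one character
    from every class named in `required` (inclusion-exclusion over the
    sets of required classes that are entirely absent)."""
    total = sum(classes.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            excluded = sum(classes[name] for name in missing)
            count += (-1) ** k * (total - excluded) ** length
    return count


def bits_lost(length, required, classes=CLASSES):
    """Entropy (in bits) removed from uniformly random passwords of
    `length` when non-compliant strings are rejected."""
    return log2(unrestricted(length, classes)) - log2(
        compliant(length, required, classes)
    )


if __name__ == "__main__":
    rules = ["upper", "lower", "digit", "special"]
    for n in (8, 10, 12):
        all_pw = unrestricted(n)
        ok_pw = compliant(n, rules)
        print(
            f"length {n}: {ok_pw / all_pw:.1%} of random passwords pass, "
            f"{bits_lost(n, rules):.2f} of {log2(all_pw):.1f} bits lost"
        )
```

The count assumes passwords are drawn uniformly at random, the "ideal world" case discussed in the thread; it says nothing about human-chosen passwords.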


