Frank Gevaerts <[EMAIL PROTECTED]> said on Fri, 23 Jul 2004 10:44:34 +0200: > On Thu, Jul 22, 2004 at 07:24:01PM -0700, Scarletdown wrote: > > I second that recommendation. I always prefer to have passwords with > > the following features: > > > > Minimum of 8 characters > > At least 1 capital letter > > At least 1 lower case letter > > At least 1 number > > At least 1 special character > > Except that in an ideal world where everyone uses random passwords, this > kind of restrictions actually makes the password easier to guess.
That's precicely what I was thinking. For each character range of size N that you *must* choose, you diminish the keyspace by a factor of N/256. So, if you must have a capital letter, there goes a factor of 26/256 ~ 1/10. If you must have a capital letter or a number, then that's now 36/256. If you must have an underscore, then you lose a factor of 256. Whoa! Of course, the 256 in all of the above should really be quite a lot less (maybe 26+10+10 or so special chars?) because most people don't enter high ascii and control characters into their passwords - maybe they should :) -- TimC -- http://astronomy.swin.edu.au/staff/tconnors/ Chairman: I'm glad to see so many bright-eyed and bushy-tailed people here at this time of the morning. >From the audience: Actually, most of us are rabid. -- From an astro talk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
