You may have reduced the number of usable character combinations in a fixed character password. But if I simply add the requirement of having all 4 character types and leave the upper limit open, I have just increased the keyspace astronomically.
Example with password length fixed at 7 characters here are some numbers to look at: Lower case only password has a keyspace of 8,031,810,176 Upper & lower case keyspace = 1,028,071,702,528 Upper, lower case & numbers = 3,521,614,606,208 Upper, lower, number & Special = 75,144,747,810,816 for a 10 Character password Lower case only password has a keyspace of 141,167,095,653,376 Upper & lower case keyspace = 144,555,105,949,057,000 Upper, lower case & numbers = 839,299,365,868,340,000 Upper, lower, number & Special = 66,483,263,599,150,100,000 So, I do not agree that it is a negative impact on security. Chris. On 8/15/07, Ansgar -59cobalt- Wiechers <[EMAIL PROTECTED]> wrote: > On 2007-08-15 dubaisans dubai wrote: > > Is there a way to improve the password complexity requirements in > > Windows 2000/2003 servers > > > > The default will enforce 3 of the following 4 properties - Uppercase, > > smallercase, numbers, special-characters. > > > > Is there a way to enforce all 4 properties. > > Enforcing passwords that MUST consist of uppercase letters, lowercase > letters, numbers AND special characters reduces the total number of > possible passwords, which in consequence has a negative impact on your > security. > > Regards > Ansgar Wiechers > -- > "All vulnerabilities deserve a public fear period prior to patches > becoming available." > --Jason Coombs on Bugtraq >
