Walt is right (as usual) about the advantages of mixed-case passwords in deterring brute-force attacks. To get a feel for the difference, take a look at http://www.goldisconsulting.com/predict.htm Mixed case passwords are also effective in deterring "dictionary" attacks. In our consulting and pen-testing work, we often run cracking tools in both ACF2 and RACF shops with a standard dictionary, and typically get "hits" on 15-25% of the userids. Testing several thousand ids for all the words in the list can take a few hours. Having to test for mixed-case passwords makes this attack a lot less useful.
Here are some lists we typically use (see your password?): http://www.goldisconsulting.com/dictionaries.htm ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
