| 1 |
On Tue, 17 Jan 2006 20:31:52 +0100 |
| 2 |
Paweł Madej <linux@××××××××.info> wrote: |
| 3 |
|
| 4 |
> In some case yes, but you have to take into acount that [a-zA-Z0-9] |
| 5 |
> and special signs that is very big volume of possible combinations. |
| 6 |
> In this case I think that it is much more secure than 12 [a-zA-Z] |
| 7 |
> password which could be named passphrase. |
| 8 |
|
| 9 |
Well, hard to say what would be more secure, just pointing out that |
| 10 |
12*[a-zA-Z] offers about 10.000-100.000 times more combinations than |
| 11 |
8*[a-zA-Z0-9<special-chars>]: |
| 12 |
52^12 = 390,877,006,486,250,192,896 ~ 3.9*10^20 |
| 13 |
95^8 = 6,634,204,312,890,625 ~ 6.6*10^15 |
| 14 |
(assuming 33 special chars, could be a few more or less). |
| 15 |
|
| 16 |
And for completeness: |
| 17 |
52^8 = 53,459,728,531,456 ~ 5.3*10^13 |
| 18 |
95^12 = 540,360,087,662,636,962,890,625 ~ 5.4*10^23 |
| 19 |
|
| 20 |
As said, that doesn't relate to practical security, just shows that in |
| 21 |
theory changing the password length does more in terms of complexity |
| 22 |
than changing the set of allowed chars. |
| 23 |
And every combinational restriction added again decreases the |
| 24 |
complexity. |
| 25 |
|
| 26 |
Marius |
| 27 |
|
| 28 |
-- |
| 29 |
Public Key at http://www.genone.de/info/gpg-key.pub |
| 30 |
|
| 31 |
In the beginning, there was nothing. And God said, 'Let there be |
| 32 |
Light.' And there was still nothing, but you could see a bit better. |
Archives