On Tue, 17 Jan 2006 20:31:52 +0100
Paweł Madej <linux@××××××××.info> wrote:

> In some cases yes, but you have to take into account that [a-zA-Z0-9]
> and special signs that is very big volume of possible combinations.
> In this case I think that it is much more secure than 12 [a-zA-Z]
> password which could be named passphrase.

Well, hard to say what would be more secure, just pointing out that
12*[a-zA-Z] offers about 10.000-100.000 times more combinations than
8*[a-zA-Z0-9<special-chars>]:
52^12 = 390,877,006,486,250,192,896 ~ 3.9*10^20
95^8 = 6,634,204,312,890,625 ~ 6.6*10^15
(assuming 33 special chars, could be a few more or less).

And for completeness:
52^8 = 53,459,728,531,456 ~ 5.3*10^13
95^12 = 540,360,087,662,636,962,890,625 ~ 5.4*10^23

As said, that doesn't relate to practical security, just shows that in
theory changing the password length does more in terms of complexity
than changing the set of allowed chars.
And every combinational restriction added again decreases the
complexity.

Marius

-- 
Public Key at http://www.genone.de/info/gpg-key.pub

In the beginning, there was nothing. And God said, 'Let there be
Light.' And there was still nothing, but you could see a bit better.
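
Added example (not part of the original message): the Python sketch below recomputes the keyspaces quoted above and goes one step further, using inclusion-exclusion to count how many 8-character passwords remain once a policy demands at least one character from every class, which is the "combinational restriction" effect mentioned at the end. The class sizes 26/26/10/33 follow the message's 33-special-character assumption; the function names are made up for this example.

```python
from itertools import combinations
from math import log2

# Character classes as assumed in the message: 26 lower, 26 upper,
# 10 digits, 33 special characters (95 printable characters in total).
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "special": 33}


def keyspace(length, classes):
    """Number of strings of `length` over the union of the given classes."""
    return sum(CLASSES[c] for c in classes) ** length


def keyspace_requiring_all(length, classes):
    """Strings of `length` that contain at least one char of EVERY class.

    Inclusion-exclusion: start with all strings, subtract those missing
    one class, add back those missing two, and so on.
    """
    classes = list(classes)
    total = sum(CLASSES[c] for c in classes)
    count = 0
    for k in range(len(classes) + 1):
        for missing in combinations(classes, k):
            remaining = total - sum(CLASSES[c] for c in missing)
            count += (-1) ** k * remaining ** length
    return count


def bits(n):
    """Size of a keyspace expressed in bits (log2 of the count)."""
    return log2(n)


if __name__ == "__main__":
    letters = ("lower", "upper")
    everything = tuple(CLASSES)
    rows = [
        ("12 x [a-zA-Z]", keyspace(12, letters)),
        ("8 x all 95 chars", keyspace(8, everything)),
        ("8 x all 95 chars, one of each class required",
         keyspace_requiring_all(8, everything)),
    ]
    for label, n in rows:
        print(f"{label:46s} {n:.3e}  {bits(n):6.2f} bits")
```

These counts assume every character is chosen uniformly at random; human-chosen passwords cover far less of the space.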