Frank Gevaerts <[EMAIL PROTECTED]> said on Fri, 23 Jul 2004 10:44:34 +0200:
> On Thu, Jul 22, 2004 at 07:24:01PM -0700, Scarletdown wrote:
> > I second that recommendation.  I always prefer to have passwords with 
> > the following features:
> > 
> > Minimum of 8 characters
> > At least 1 capital letter
> > At least 1 lower case letter
> > At least 1 number
> > At least 1 special character
> Except that in an ideal world where everyone uses random passwords, this
> kind of restrictions actually makes the password easier to guess.

That's precicely what I was thinking.

For each character range of size N that you *must* choose, you
diminish the keyspace by a factor of N/256.

So, if you must have a capital letter, there goes a factor of 26/256 ~

If you must have a capital letter or a number, then that's now 36/256.

If you must have an underscore, then you lose a factor of 256. Whoa!

Of course, the 256 in all of the above should really be quite a lot
less (maybe 26+10+10 or so special chars?) because most people don't
enter high ascii and control characters into their passwords - maybe
they should :)

TimC --
Chairman: I'm glad to see so many bright-eyed and bushy-tailed people
here at this time of the morning.  
>From the audience: Actually, most of us are rabid. -- From an astro talk

with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to