On Tue, 17 Jan 2006 20:31:52 +0100 Paweł Madej <[EMAIL PROTECTED]> wrote:
> In some case yes, but you have to take into acount that [a-zA-Z0-9] > and special signs that is very big volume of possible combinations. > In this case I think that it is much more secure than 12 [a-zA-Z] > password which could be named passphrase. Well, hard to say what would be more secure, just pointing out that 12*[a-zA-Z] offers about 10.000-100.000 times more combinations than 8*[a-zA-Z0-9<special-chars>]: 52^12 = 390,877,006,486,250,192,896 ~ 3.9*10^20 95^8 = 6,634,204,312,890,625 ~ 6.6*10^15 (assuming 33 special chars, could be a few more or less). And for completeness: 52^8 = 53,459,728,531,456 ~ 5.3*10^13 95^12 = 540,360,087,662,636,962,890,625 ~ 5.4*10^23 As said, that doesn't relate to practical security, just shows that in theory changing the password length does more in terms of complexity than changing the set of allowed chars. And every combinational restriction added again decreases the complexity. Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better.
signature.asc
Description: PGP signature
