At 9:32 PM -0500 2/22/06, Mathieu Langlois wrote:
Would you care to elaborate on that please? I'm a bit surprised, at first sight, you increase the possibilities a lot when you have to take into account the case, making dictionary and brute force attacks that much more difficult. For each word, the possibilities are 2^L where L is the length of the word. Assuming the users do use random case within the password, how is it not more secure than a case-insensitive password?
I didn't say it's not more secure; I said it's not *significantly* more secure. Users do not use random case within their passwords; any password that's going to fall to a dictionary attack is likely to fall even when case sensitivity is used. Conversely, the sort of people who come up with good passwords (mixing in numbers or initializing a longish passphrase or whatnot), are already making passwords that won't be in a dictionary, quite regardless of case.
As for brute-force attacks, considering case less than doubles the number of characters available -- making an already unreasonably large number somewhat larger. Not worth it, IMHO.
Best, - Joe -- Joseph J. Strout [EMAIL PROTECTED] _______________________________________________ Unsubscribe or switch delivery mode: <http://www.realsoftware.com/support/listmanager/> Search the archives of this list here: <http://support.realsoftware.com/listarchives/lists.html>
