On Thu, 13 Oct 2005 15:29:51 -0500 Mike Walter said:
>--<snip>---
>"With a password length of 8 characters, there are approximately
>5,352,009,260,481 passwords (39**8, where 39=A-Z, plus 0-9, @,#,$).
>With varying password lengths from 5-8 characters there are
>5,492,849,235,120 passwords (an additional 141 trillion passwords:
>140,839,974,639).

but therein is still the problem with passwords for VM.  The limited
set of characters, and the limit of 8 characters max.  If it could
accept A-Z, a-z, 0-9, @, #, $ (65 chars) the 8 fixed character password
now becomes
  318,644,812,890,625
    5,352,009,260,481

a lot better than varying 5-8 characters, or make it fixed 10 chars
8,140,406,085,191,601

8 character passwords using only upper case characters is going to
be a problem long term

>
>Most importantly, by making passwords a fixed length it is harder for
>people to pick an easy password and remember it.  They will either write it
>down somewhere they can find it (which usually means someplace easy to
>find), or they will pick one password and append numbers (such as MIKE0001
>in January, MIKE0002 in February, ... MIKE0012 in December).
>
>In all cases, this is less secure than the varying length password policy."
>--<snip>---
>
>(No doubt someone will correct my algorithm or math).
>
>But consider that even with a fixed length of 8 characters containing A-Z,
>0-9, and @,#,$ the number of 5 1/2 trillion passwords is still a pretty
>significant barrier.
>
>IMHO a greater barrier to security than fixed-length passwords is the


was the request for a fixed length password, or a minimum of 8 character
password?

/ahw
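
The keyspace figures quoted in this thread, together with the MIKE0001/MIKE0002 rotation pattern, worked through as an added example that is not part of either poster's message. The helper names are hypothetical, and the rotation check assumes the previous password is available for comparison at change time.

```python
import math
import re

VM_ALPHABET = 39     # A-Z, 0-9, @ # $ (alphabet size given in the thread)
MIXED_ALPHABET = 65  # A-Z, a-z, 0-9, @ # $ (alphabet size given in the thread)


def keyspace(alphabet: int, min_len: int, max_len: int) -> int:
    """Number of distinct passwords with length in [min_len, max_len]."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))


def bits(count: int) -> float:
    """Equivalent entropy in bits if the password is chosen uniformly."""
    return math.log2(count)


# Lazy stem followed by a trailing run of digits, e.g. MIKE + 0001.
_STEM = re.compile(r"^(.*?)(\d+)$")


def is_counter_rotation(old: str, new: str) -> bool:
    """True when new differs from old only in a trailing numeric counter."""
    a, b = _STEM.match(old.upper()), _STEM.match(new.upper())
    return bool(a and b and a.group(1)
                and a.group(1) == b.group(1)
                and a.group(2) != b.group(2))


def rotation_keyspace(counter_digits: int) -> int:
    """Effective keyspace once the stem is known: only the counter varies."""
    return 10 ** counter_digits


if __name__ == "__main__":
    rows = [
        ("39 chars, fixed 8", keyspace(VM_ALPHABET, 8, 8)),
        ("39 chars, 5 to 8", keyspace(VM_ALPHABET, 5, 8)),
        ("39 chars, fixed 10", keyspace(VM_ALPHABET, 10, 10)),
        ("65 chars, fixed 8", keyspace(MIXED_ALPHABET, 8, 8)),
        ("known stem + 4 digits", rotation_keyspace(4)),
    ]
    for label, n in rows:
        print(f"{label:<22} {n:>26,}  {bits(n):5.1f} bits")
    # Constructed sample pair taken from the pattern named in the thread.
    print(is_counter_rotation("MIKE0001", "MIKE0002"))
```
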
