- #1
kenewbie
Ok, I want to make the argument that putting restrictions on passwords is not exclusively a good thing.
There are normally rules you need to follow when you create one, which are there to prevent dictionary attacks. I.e., you need at least 1 capital letter, at least one numeric and at least one non-capitalized letter.
If we say that there are 120 writable characters in a password, and the maximum number of characters you can have is 8, then the keyspace of the password should be 8^120.
I can see that the keyspace would be reduced when you impose limits on it, but by how much? How do I calculate the new keyspace given the restrictions I wrote above?
This is sort of an attempt at that:
There are 120 - 26 writable characters if you remove all capital letters. This gives 8^94 combinations which you can remove from the original keyspace? So with the only restriction being at least 1 capital letter, the new keyspace is 8^120 - 8^94? That is a pretty hefty reduction on a brute force attack.
So hefty, in fact, that my logic must be flawed somewhere?
Anyone able to help me out and show how to remove all instances without a capital letter, a small letter and a number from the keyspace?
k
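Added example, not part of the original post: one way to answer the question is inclusion-exclusion over the required character classes, counting strings of length L over an N-character alphabet as N^L. Assumptions: passwords are exactly 8 characters, the 120 characters contain 26 capitals, 26 small letters and 10 digits, the classes do not overlap, and the function names are illustrative.

```python
from itertools import combinations, product


def compliant_count(alphabet_size, class_sizes, length):
    """Count strings of `length` characters that contain at least one
    character from every required class (classes assumed disjoint).

    Inclusion-exclusion: start from all strings, subtract those missing
    one class, add back those missing two, and so on.
    """
    total = 0
    for k in range(len(class_sizes) + 1):
        for missing in combinations(class_sizes, k):
            remaining = alphabet_size - sum(missing)
            total += (-1) ** k * remaining ** length
    return total


def brute_force_count(classes, other, length):
    """Enumerate every string over a tiny alphabet and count the
    compliant ones. Only usable as a cross-check on small inputs."""
    alphabet = "".join(classes) + other
    return sum(
        all(any(ch in cls for ch in candidate) for cls in classes)
        for candidate in product(alphabet, repeat=length)
    )


def policy_report(alphabet_size=120, class_sizes=(26, 26, 10), length=8):
    """Return (unrestricted, compliant, fraction kept) for the policy."""
    unrestricted = alphabet_size ** length
    compliant = compliant_count(alphabet_size, class_sizes, length)
    return unrestricted, compliant, compliant / unrestricted


if __name__ == "__main__":
    # Cross-check the formula on a constructed 7-character alphabet.
    tiny = (["AB", "ab", "01"], "!", 4)
    assert brute_force_count(*tiny) == compliant_count(7, (2, 2, 2), 4)

    unrestricted, compliant, fraction = policy_report()
    print(f"unrestricted strings: {unrestricted:,}")
    print(f"policy-compliant:     {compliant:,}")
    print(f"fraction kept:        {fraction:.4f}")
```
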