Re: good/bad passwords question

From: Gary (gary_at_wanadoo.ru)
Date: 11/22/05 

Date: Tue, 22 Nov 2005 13:42:57 +0100

Proteus a écrit :
> How much more secure, mathematically, is a 6 digit password than a 4
> digit, an 8 digit than a 4 digit, etc.? I mean, if a site says I can make
> up a password of 4-10 characters, I am wondering if going beyond the 4
> chars to 5,6,7,8,9,10 makes the password more secure in a linear or
> exponential manner. I am finally learning to take passwords seriously,
> making stronger, more randon, non-dictionary passwords. Just curious about
> the mathematical relationship between password length and strength.

Hello,

in this case, security is exponential because the number of combination
is given by :

(lets say everytime is 26 possibilities because a,b,c...x,y,z)

number of chars : 4 => 26 x 26 x 26 x 26 => 26^4
number of chars : 5 => 26 x 26 x 26 x 26 x 26 => 26^5
number of chars : 6 => 26 x 26 x 26 x 26 x 26 x 26 => 26^6
number of chars : 7 => 26 x 26 x 26 x 26 x 26 x 26 x 26 => 26^7
number of chars : 8 => 26 x 26 x 26 x 26 x 26 x 26 x 26 x 26 => 26^8
...

In this example, for each position there's 26 possibilities (but don't
forget numbers, space, signs...), so if you decide to have one position
more, the number of combination is the same than before x 26

Bye
Gary