"Content-Length" header
Jeremy Bowers
jerf at jerf.org
Tue Aug 31 13:04:22 EDT 2004
On Mon, 30 Aug 2004 21:57:02 -0700, G. S. Hayes wrote:
> Something related to think about: if most users use only letters in their
> passwords, making the passwords case-insensitive potentially makes it take
> crackers HALF the time to crack a password by brute force.
Much worse than that.
Assuming 8 letters only:
Both cases: 52 ^ 8: 53,459,728,531,456 (53 trillion)
One case : 26 ^ 8: 208,827,064,576 (208 billion)
It's halved *per character*.
Moral of the story: Use symbols and mix cases in your passwords; you want
to get to the bigger spaces for security. Both cases + numbers + symbols
can reasonably come to 92 chars on a standard (american) keyboard, for a
total of 92 ^ 8 passwords = 5,132,188,731,375,616 (5 quadrillion).
More information about the Python-list
mailing list