# Creating strong passwords and keeping them secret.

Show 40 post(s) from this thread on one page
Page 3 of 3 First 123
• January 20th, 2011, 10:29 PM
JPnyc
I'm not sure. I mean every time you include a new character set you increase the possibilities exponentially. Just for argument's sake, we'll say the first character set contains five characters, as does the second. If you use only the first, the number of possible combinations would be 5x4x3x2. If you use both of them, the possible combinations becomes 10x9x8x7x6x5x4x3x2
• January 20th, 2011, 11:05 PM
nihil
Yes, but if your password is only one character then there are 5 possibilities in the first instance and 10 in the second.

I can't remember the math, but with a password you have replacement (the same character can be used more than once) and it is ordered (the characters have to be in the correct sequence).

I would say that for any given character set, a longer password has to be be more difficult to brute force than a shorter one.

http://www.infoworld.com/d/security-...r-531?page=0,0

and:

http://blogs.mcafee.com/mcafee-labs/...-vs-complexity
• January 21st, 2011, 01:29 AM
metguru
Quote:

If you use only the first, the number of possible combinations would be 5x4x3x2. If you use both of them, the possible combinations becomes 10x9x8x7x6x5x4x3x2
Where did you get this from? :confused:

We are not calculating 'combinations' by definition, if I am not mistaken. Combinations and permutations imply that there is no repetition.

Obviously when dealing with passwords repitition becomes possible, so we cannot use these standard methods of calculations. However, this doesn't make it any more complicated. Lets say you're just dealing with numbers to keep the calculations easier. 0-9 gives 10 possibilities, so for a one digit number, naturally you would have 10 possibilities. When you move to two decimal places it becomes 10*10+10, with the 10 additional digits including the one digit passwords, making 110 possibilities. So its:
(NumCharacters)^(length)+(NumCharacters)^(length-1)...
for those that haven't taken calc 2, or just plain aren't good at math, as N increases, it will have more effect than X increasing by the same amount, on the equation as a whole. This is because the N is an exponent and the X is a base.

So mathematically speaking,
Quote:

This is quite interesting. As far as I am aware the length of a password takes precedent over its complexity, so I agree with the concept of packing a core.
is correct. But remember, if you add a symbol, you're not adding one unit to complexity, because the cracking tables add either 14 or 28 characters to complexity, not 1 or 2. This skews the math. So it really depends on the situation. For example, say you have a password that is 3 numbers (1110 possibilities). You can either add another number or increase complexity by adding a letter. 4 numbers is (11110), but 3 letters and numbers is (47988). So ultimately, it depends on multiple things, like how you look at the math, what your definition of "increasing complexity" is (whether it be one more possibility, or a whole new character set), and what length you are adding. But technically speaking, adding one to the length is stronger than adding one to the complexity.

Surprise. I'm nerdy. Haha. If anyone sees errors, feel free to point them out ;)
Show 40 post(s) from this thread on one page
Page 3 of 3 First 123