
January 20th, 2011, 11:29 PM
#21
I'm not sure. I mean every time you include a new character set you increase the possibilities exponentially. Just for argument's sake, we'll say the first character set contains five characters, as does the second. If you use only the first, the number of possible combinations would be 5x4x3x2. If you use both of them, the possible combinations becomes 10x9x8x7x6x5x4x3x2

January 21st, 2011, 12:05 AM
#22
Yes, but if your password is only one character then there are 5 possibilities in the first instance and 10 in the second.
I can't remember the math, but with a password you have replacement (the same character can be used more than once) and it is ordered (the characters have to be in the correct sequence).
I would say that for any given character set, a longer password has to be be more difficult to brute force than a shorter one.
http://www.infoworld.com/d/security...r531?page=0,0
and:
http://blogs.mcafee.com/mcafeelabs/...vscomplexity

January 21st, 2011, 02:29 AM
#23
If you use only the first, the number of possible combinations would be 5x4x3x2. If you use both of them, the possible combinations becomes 10x9x8x7x6x5x4x3x2
Where did you get this from?
We are not calculating 'combinations' by definition, if I am not mistaken. Combinations and permutations imply that there is no repetition.
Obviously when dealing with passwords repitition becomes possible, so we cannot use these standard methods of calculations. However, this doesn't make it any more complicated. Lets say you're just dealing with numbers to keep the calculations easier. 09 gives 10 possibilities, so for a one digit number, naturally you would have 10 possibilities. When you move to two decimal places it becomes 10*10+10, with the 10 additional digits including the one digit passwords, making 110 possibilities. So its:
(NumCharacters)^(length)+(NumCharacters)^(length1)...
for those that haven't taken calc 2, or just plain aren't good at math, as N increases, it will have more effect than X increasing by the same amount, on the equation as a whole. This is because the N is an exponent and the X is a base.
So mathematically speaking,
This is quite interesting. As far as I am aware the length of a password takes precedent over its complexity, so I agree with the concept of packing a core.
is correct. But remember, if you add a symbol, you're not adding one unit to complexity, because the cracking tables add either 14 or 28 characters to complexity, not 1 or 2. This skews the math. So it really depends on the situation. For example, say you have a password that is 3 numbers (1110 possibilities). You can either add another number or increase complexity by adding a letter. 4 numbers is (11110), but 3 letters and numbers is (47988). So ultimately, it depends on multiple things, like how you look at the math, what your definition of "increasing complexity" is (whether it be one more possibility, or a whole new character set), and what length you are adding. But technically speaking, adding one to the length is stronger than adding one to the complexity.
Surprise. I'm nerdy. Haha. If anyone sees errors, feel free to point them out
Similar Threads

By XTC46 in forum Site Feedback/Questions/Suggestions
Replies: 15
Last Post: August 24th, 2005, 07:52 PM

By gore in forum The Security Tutorials Forum
Replies: 3
Last Post: March 16th, 2005, 10:33 PM

By NeonWizard in forum The Security Tutorials Forum
Replies: 5
Last Post: August 13th, 2004, 06:54 PM

By gore in forum Operating Systems
Replies: 3
Last Post: March 7th, 2004, 08:02 AM

By gore in forum Newbie Security Questions
Replies: 11
Last Post: December 29th, 2003, 08:01 AM
Posting Permissions
 You may not post new threads
 You may not post replies
 You may not post attachments
 You may not edit your posts

Forum Rules

