[clug] [OT] all text passwords == secure?

Kim Holburn Kim.Holburn at gmail.com
Mon Aug 27 20:34:31 MDT 2012

On 2012/Aug/28, at 8:59 AM, Scott Ferguson wrote:

> A dictionary attack is too easy - and it's the first attack tried. Add
> just one non alpha character to that multi word string and only brute
> force will guess it - then you have a much harder password to break.
> Much, much harder.

No you don't.  If you look at this link:

There's a table that shows that adding more character sets - say alphanumeric or even printable ascii gives you no more Information entropy than adding 2 or three extra letters in a plain alpha password of around 8 letters.  The formula for information entropy shows this clearly.

In fact read almost any of those links I sent before and they show the same thing.  Password length triumphs easily and quickly over adding character class.  Despite your feeling that it does a lot, and many people have this feeling, it doesn't get you much at all.


Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request 

More information about the linux mailing list