Originally Posted by GoTMaXPoWeR
It's not about the length of a password, it's about using non-conventional characters and combinations so to avoid brute force or dictionary hacks.
I think length is more important than using special characters. when you look at the math, extra character increase the time that is needed to brute force more than adding special character.
think about it there are 47 * 2 +1 characters on a keyboard that are easy to enter. thats 95 commonly used characters.
for a 1 character password there are 95 characters. with each extra character its another level of complexity. the complexity is 95^x where x is the number of character. an character password has 6,634,204,312,890,625 possibilities. and would take my system about 35 days. add another character and you go up to 630,249,409,724,609,375 and that would take my system over 9 years. But my system is a toy compared to what can be made with proper amounts of funding. The cluster i described would do it in one year. so a 20 character password using only what can be easily entered on a standard keyboard has 3.5848592240854223435741044044495e+39 possibilities. Length > complexity any day.Edited by donkru - 3/28/11 at 5:29pm