in reply to Re: Basic password checking
in thread Basic password checking

Wow! After discussing your point of view with a System Administrator friend of mine (in Italian, that made things far easier to understand), I finally get your point!

What my friend said to make me understand your point was:

se la lunghezza minima della password è 6, il tuo livello di sicurezza è quello dato dalle password di lunghezza 6, non da quelle più lunghe; quelle più lunghe aggiungono qualcosa in più, ma la sicurezza dipende da quanto sono sicure le password più corte

which, put in English, sounds like: if the minimal length for your passwords is 6, then your security level is the one that 6-character-long passwords give, not the one given by longer passwords; longer passwords add something more, but security depends on how secure the shortest passwords allowed are.

So, actually, if the minimal length allowed for a password is N and we have an M>N password, it should be considered secure if we can find at least one secure N-subset of it. Right?

Thanks for pointing me in the right direction, and since I am here I'd like to add a new question:

How much strength would it add to the algorithm, without complicating it too much, to impose that an M-character-long password should contain p*M different symbols (e.g.: p=2/3)?

Ciao!
--bronto


The very nature of Perl to be like natural language--inconsistent and full of dwim and special cases--makes it impossible to know it all without simply memorizing the documentation (which is not complete or totally correct anyway).
--John M. Dlugosz
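
An added example, not part of the original post or thread: a Perl sketch of the p*M distinct-symbol rule asked about above, together with a count of what share of all M-character strings the rule accepts, which is one way to gauge how much it changes the space of allowed passwords. The 95-symbol printable-ASCII alphabet, rounding p*M up, the sub names and the sample passwords are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(ceil);

# Rule from the post: an M-character password must contain at least p*M
# different symbols. Rounding up is an assumption; the small epsilon only
# guards against floating-point noise in products such as 6*(2/3).
sub min_distinct {
    my ($len, $p) = @_;
    return ceil($len * $p - 1e-9);
}

# True if the password has enough different symbols for its own length.
sub passes_rule {
    my ($password, $p) = @_;
    my %seen = map { $_ => 1 } split //, $password;
    return scalar(keys %seen) >= min_distinct(length($password), $p) ? 1 : 0;
}

# Share of all A**M strings of length M that satisfy the rule.
# Strings with exactly j different symbols: A*(A-1)*...*(A-j+1) * S(M,j),
# where S(M,j) is the Stirling number of the second kind.
sub fraction_passing {
    my ($alphabet, $len, $p) = @_;
    my @S = ([1]);                                   # S(0,0) = 1
    for my $n (1 .. $len) {
        my $prev = $S[$n - 1];
        for my $j (0 .. $n) {
            # S(n,j) = j*S(n-1,j) + S(n-1,j-1), with S(n,0) = 0 for n > 0
            $S[$n][$j] = $j ? $j * ($prev->[$j] // 0) + ($prev->[$j - 1] // 0) : 0;
        }
    }
    my $need = min_distinct($len, $p);
    my ($falling, $pass) = (1, 0);
    for my $j (1 .. $len) {
        $falling *= ($alphabet - $j + 1);            # falling factorial of A
        $pass += $falling * $S[$len][$j] if $j >= $need;
    }
    return $pass / $alphabet**$len;
}

# Constructed sample passwords, checked with p = 2/3 as in the post.
for my $pw (qw(aaaaaa abcabc kX7qp2 correcthorse)) {
    printf "%-14s %s\n", $pw, passes_rule($pw, 2/3) ? 'pass' : 'fail';
}
# Share of uniformly random strings over 95 symbols that the rule accepts.
for my $len (6, 8, 12) {
    printf "M=%2d  accepted share: %.6f\n", $len, fraction_passing(95, $len, 2/3);
}
```

The accepted share describes uniformly random strings only; passwords chosen by people are not uniformly distributed, so the rule's effect on them can differ from that figure.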