Wow! After discussing your point of view with a System Administrator friend of mine (in Italian, that made things far easier to understand), I finally get your point!
What my friend said to make me understand your point was:
se la lunghezza minima della password è 6, il tuo livello di sicurezza è quello dato dalle password di lunghezza 6, non da quelle più lunghe; quelle più lunghe aggiungono qualcosa in più, ma la sicurezza dipende da quanto sono sicure le password più corte
which, put in English, sounds like: if the minimal length for your passwords is 6, then your security level is the one that 6-character long passwords give, not the one given by longer passwords; longer passwords add something more, but security depends on how secure the shortest allowed passwords are.
So, actually, if the minimal length allowed for a password is N and we have an M>N password, it should be considered secure if we can find at least one secure N-subset of it. Right?
Thanks for pointing me in the right direction, and since I am here I'd add a new question:
How much strength would it add to the algorithm, without complicating it too much, to impose that an M-character long password should contain p*M different symbols (e.g.: p=2/3)?
Ciao!
--bronto
The very nature of Perl to be like natural language--inconsistent and full of dwim and special cases--makes it impossible to know it all without simply memorizing the documentation (which is not complete or totally correct anyway).
--John M. Dlugosz
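The p*M rule asked about above can be checked and its effect on the keyspace counted directly; the following is an added example, not code from the post or the thread. It assumes p*M is rounded up and a 62-symbol alphabet (letters and digits), and all function names and sample passwords are constructed for illustration.

```perl
use strict;
use warnings;
use POSIX qw(ceil);

# Rule from the post: an M-character password must contain at least
# p*M different symbols. Rounding up is an assumption of this example.
sub min_distinct { my ($m, $p) = @_; return ceil($p * $m - 1e-9); }

sub distinct_ok {
    my ($pw, $p) = @_;
    my %seen = map { $_ => 1 } split //, $pw;
    return keys(%seen) >= min_distinct(length($pw), $p);
}

# Fraction of all length-$m strings over $alpha symbols that the rule
# rejects, i.e. strings with fewer than $k distinct symbols.
# Strings with exactly j distinct symbols: C(alpha,j) * j! * S(m,j),
# where S(m,j) is the Stirling number of the second kind.
sub rejected_fraction {
    my ($m, $alpha, $k) = @_;
    my @s = (1);                          # row 0: S(0,0) = 1
    for my $n (1 .. $m) {                 # S(n,j) = j*S(n-1,j) + S(n-1,j-1)
        my @next = (0);
        $next[$_] = $_ * ($s[$_] // 0) + $s[$_ - 1] for 1 .. $n;
        @s = @next;
    }
    my ($rejected, $falling) = (0, 1);    # $falling = C(alpha,j) * j!
    for my $j (1 .. $k - 1) {
        $falling *= $alpha - $j + 1;
        $rejected += $falling * $s[$j];
    }
    return $rejected / $alpha**$m;
}

# Constructed sample passwords, checked with p = 2/3.
for my $pw (qw(aaaaaa abcabc passw0rd)) {
    printf "%-10s %s\n", $pw, distinct_ok($pw, 2/3) ? "accepted" : "rejected";
}

# Share of the whole keyspace that the rule removes, for a few lengths.
for my $m (6, 8, 12) {
    printf "M=%-2d rule rejects %.2e of all 62-symbol strings\n",
        $m, rejected_fraction($m, 62, min_distinct($m, 2/3));
}
```

The rejected fraction is what the rule costs in search space for randomly chosen passwords. The rule only measures symbol diversity: `passw0rd` has seven distinct symbols and passes at p=2/3.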
In reply to I see the light! and a new question [Re: Re: Basic password checking]
by bronto
in thread Basic password checking
by bronto