mostafatalebi Posted March 7, 2013 Share Posted March 7, 2013 Hello I have a very simple question. Is allowing passwords with space inside, problematic? Link to comment https://forums.phpfreaks.com/topic/275358-password-strength/ Share on other sites More sharing options...
Christian F. Posted March 7, 2013 Share Posted March 7, 2013 No, not problematic at all. If any thing, it's desirable as it increases the entropy (available character space). Technically speaking, it is desirable to allow any printable character in a password. As for every character disallowed in a password, the time it'll take an attacker to crack the password is reduced exponentially: The entropy is defined by number of characters in a password raised to the power of available characters, after all. (Length^allowed characters, in other words.) Just to give you an example of how much difference only two disallowed characters would make, and then we only assume 95 printable characters in total (basic ASCII): php > $len1 = pow (10, 95); php > $len2 = pow (10, 93); php > echo $len1 - $len2; 9.9E+94In case you're doubting it, yes: That is 99 followed by 93(!) zeroes fewer potential password an attacker has to search. All from just removing only 2 characters from the pool. Or, in other words, you just reduced the entropy by 99% Link to comment https://forums.phpfreaks.com/topic/275358-password-strength/#findComment-1417162 Share on other sites More sharing options...
mostafatalebi Posted March 7, 2013 Author Share Posted March 7, 2013 thanks. comprehensive reply Link to comment https://forums.phpfreaks.com/topic/275358-password-strength/#findComment-1417167 Share on other sites More sharing options...
Christian F. Posted March 7, 2013 Share Posted March 7, 2013 You're welcome. Link to comment https://forums.phpfreaks.com/topic/275358-password-strength/#findComment-1417171 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.