Jump to content

Password Strength


mostafatalebi

Recommended Posts

No, not problematic at all. If any thing, it's desirable as it increases the entropy (available character space).

Technically speaking, it is desirable to allow any printable character in a password. As for every character disallowed in a password, the time it'll take an attacker to crack the password is reduced exponentially: The entropy is defined by number of characters in a password raised to the power of available characters, after all. (Length^allowed characters, in other words.)

 

Just to give you an example of how much difference only two disallowed characters would make, and then we only assume 95 printable characters in total (basic ASCII):

php > $len1 = pow (10, 95);
php > $len2 = pow (10, 93);
php > echo $len1 - $len2;
9.9E+94
In case you're doubting it, yes: That is 99 followed by 93(!) zeroes fewer potential password an attacker has to search. All from just removing only 2 characters from the pool. Or, in other words, you just reduced the entropy by 99%
Link to comment
https://forums.phpfreaks.com/topic/275358-password-strength/#findComment-1417162
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.