Ok, I want to make the argument that putting restrictions on passwords are not exclusively a good thing.(adsbygoogle = window.adsbygoogle || []).push({});

There are normally rules you need to follow when you create one, which are there to prevent dictionary-attacks. IE, You need at least 1 capital letter, at least one numeric and at least one non-capitalized letter.

If we say that there are 120 writable characters in a password, and the maximum number of characters you can have is 8, then the keyspace of the password should be 8^120.

I can see that the keyspace would be reduced when you impose limits on it, but by how much? How do I calculate the new keyspace given the restrictions I wrote above?

This is sort of an attempt at that:

There are 120 - 26 writable characters if you remove all capital letters. This gives 8^94 combinations which you can remove from the original keyspace? So with the only restriction being at least 1 captial letter, the new keyspace is 8^120 -8^94? That is a pretty hefty reduction on a brute force attack.

So hefty, in fact, that my logic must be flawed somewhere?

Anyone able to help me out and show how to remove all instances without a captial letter, a small letter and a number from the keyspace?

k

**Physics Forums | Science Articles, Homework Help, Discussion**

Join Physics Forums Today!

The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

# Keyspace of a password

**Physics Forums | Science Articles, Homework Help, Discussion**