Passwords
Petr Alexandrovich, 2014-12-25 18:11:09

The ratio of unique and repeated characters in a password, which is better?

Everyone knows that a strong password is a long password (preferably more than 32 characters, if allowed). My question is: which option is better and more burglary-resistant? For example, a password that consists of 32 characters with not a single repeated one, or a password that contains the same characters?

6 answer(s)
maaGames, 2014-12-25
@maaGames

If the characters cannot be repeated, then this reduces the number of possible passwords, which is not good.

DaNHell, 2015-01-09
@DaNHell

I think it makes more sense this way :3

The system administrator wanted to choose a strong password for centralized authorization through the radius server. He turned to Yin Fu Wo for advice.
- What do you think, Master, is the password "史達林格勒戰役" strong?
- No, - said Master Yin, - it's a dictionary password.
- But there is no such word in dictionaries…
- "Dictionary" means that this combination of characters is in wordlists, that is, "dictionaries" for enumeration that are connected to cryptanalysis programs. These dictionaries are made up of all combinations of characters that have ever been found on the Web.
- Will the password "Pft,bcm" work?
- Hardly. It is also a dictionary password.
- But how? This is…
- Enter this combination in Google - and you will see for yourself.
The sysadmin clicked his keys.
- Oh, yes. You are right, Teacher.
After some time, the Sysadmin exclaimed:
- Teacher, I picked up a good password, which cannot be in dictionaries.
Yin Fu Wo nodded.
- I entered it in Google, - continued the Sysadmin, - and made sure that there is no such combination on the Web.
- Now there is...

Armenian Radio, 2014-12-25
@gbg

From the point of view of probability theory, there is no difference whether the password contains repetitions of characters or not. The main thing is that it is completely random and the attacker does not have any information about how it was obtained.
That is, by creating a generator that repeats the characters in the password, you will give the attacker a hint, thereby reducing the reliability of the system.
The password should be just a hodgepodge of letters. A hodgepodge of words is also allowed, but the dictionary must be large (100,000), and there must be several words (4-6).
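
An added example (not part of any answer in this thread) that puts numbers on the points made by maaGames and Armenian Radio: the search space of a 32-character random password with and without a no-repeat rule, and of a 4-6 word passphrase from a 100,000-word dictionary. The 94-symbol printable-ASCII alphabet and all function names are assumptions made for the illustration.

```python
import math
import secrets
import string

# Assumption: 94 printable ASCII symbols (letters, digits, punctuation).
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def bits_with_repeats(n, length):
    """Entropy in bits when each of `length` symbols is drawn freely from n."""
    return length * math.log2(n)

def bits_without_repeats(n, length):
    """Entropy in bits when no symbol may repeat: log2(n! / (n - length)!)."""
    if length > n:
        raise ValueError("more distinct symbols requested than the alphabet has")
    return sum(math.log2(n - i) for i in range(length))

def bits_passphrase(dictionary_size, words):
    """Entropy in bits of `words` words drawn uniformly from the dictionary."""
    return words * math.log2(dictionary_size)

def random_password(length, alphabet=ALPHABET, allow_repeats=True):
    """Generate a password with the OS CSPRNG, with or without repeats."""
    if allow_repeats:
        return "".join(secrets.choice(alphabet) for _ in range(length))
    pool = list(alphabet)
    if length > len(pool):
        raise ValueError("more distinct symbols requested than the alphabet has")
    # Draw without replacement: each pick removes the symbol from the pool.
    return "".join(pool.pop(secrets.randbelow(len(pool))) for _ in range(length))

if __name__ == "__main__":
    n = len(ALPHABET)
    print(f"32 chars, repeats allowed  : {bits_with_repeats(n, 32):6.1f} bits")
    print(f"32 chars, repeats forbidden: {bits_without_repeats(n, 32):6.1f} bits")
    for w in (4, 5, 6):
        print(f"{w} words from 100,000      : {bits_passphrase(100_000, w):6.1f} bits")
    print(random_password(32))
    print(random_password(32, allow_repeats=False))
```

The estimates only hold when the password really is drawn uniformly at random, and they assume the attacker knows the generation rule, which is the conservative case.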

mace-ftl, 2014-12-25
@mace-ftl

If the attacker does not know that all the characters in the password are carved, then they are all different.
And if he knows, then you need to allow repetition.

Lorem Ipsum, 2014-12-25
@nobodynoone

Do you know how long it takes to brute-force a password of this length? In addition, nowadays the following hashing algorithm is almost always used: (system hash + unique hash for this password + password hash). To be honest, I strongly doubt that someone will be able to break such a password. Yes, of course you can brute-force it, but who do you have to be for someone to need to brute-force such a password?
