|
|
|
|
|
|
by function_seven
2346 days ago
|
|
|
From a strictly mathematical view, yeah. Requiring that certain character classes exist in the password will shrink the search space for that password. But: (1) only a tiny teeny little bit, and (2) the gains in password complexity are probably worth a lot more. Imagine you have a site that allows numeric PINs between 4 and 6 digits. And another site that requires exactly 6 digits. Technically, the search space is larger for the first site. An attacker would have 1,110,000 possible codes to check, whereas the 2nd site has 1,000,000. But ensuring that all users are in the 1,000,000 search space is worth it to prevent some users' 4-digit PINs being cracked. |
|
|