[Sunlis]

This is questionable. If I enter 15 random alphabet characters, it gives me 49 years. 15 numbers is 2 days. 15 characters of punctuation is 743,000 years.

If the cracker was trying to brute force a password, then they would have to try every available character in every valid position. Unless I'm misunderstanding something, and n-length password would take a similar amount of time to guess as any other n-length password with the same restrictions. The cracker doesn't know going into it that I only have letters in my password, so he has to use any valid character.

Perhaps a more useful system would be one that would let websites enter their password restrictions and tell them how secure their users' password can be with those restrictions.

[laumars]

> The cracker doesn't know going into it that I only have letters in my password, so he has to use any valid character.

Typically hackers will run through quicker combinations to pick off the low hanging fruit. It doesn't matter if they can't crack a few hundred 15 char characters with extended ANSI characters as by that point they'll already have tens of thousands of passwords from others who's passwords contained less entropy.