# Symbols vs letters as passphrase?

#### Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

•  Subject
• Author
• Posted on
Hello,

The encryption software I use offers me two choices for entering a
passphrase:
1) an ordinary password consisting of letters, numbers and/or special
characters
2) 10 symbols that can be clicked in any order to form a "passphrase"

How safe is a "passphrase" consisting of maybe 15 symbol clicks
compared to a password consisting of 15 letters, numbers and/or
special characters?

Let's assume the password was chosen carefully, so it contains no
known words or derivations thereof, and special characters and numbers
were used.

Is the password safer because there are many more letters, numbers,
and special characters than symbols to choose from?

Peter

## Re: Symbols vs letters as passphrase?

Yes

Juergen Nieveler
--
I don't mind lying, but I hate inaccuracy

## Re: Symbols vs letters as passphrase?

It is important to have enough entropy in a passphrase. Clicking 15
times one of 10 symbols means 10^15 combinations. And this means not
enough entropy for a passphrase, not at all.

Perhaps you should click at least 25 times ;-)

A passphrase consisting of random data using 64 bit of characters
and a length of, say 10 characters, means 64^10 combinations, which
means 2^60 combinations. This is more than 10^20, too.

10^20 is a good thumbnail, what should be topped today for _any_
meaning of security. You'll better improve that for some applications.

10^20 means, that brute forcing with a system offering 10^9 operations
a second (as a thumbnail) will last 10^11 seconds, that means 3*10^4
years now. That sounds good, but using Moore's law, you could calculate,
how long (or how short) this will be secure in reality.

Yours,
VB.
--
If class libraries are compared to animals, MFC is the slime-warts toad.

## Re: Symbols vs letters as passphrase?

"safe" can be a combination of several things. creation of passwords
that are totally impossible to remember ... make them harder for an
attacker to guess ... but also result in human's writing them down
.... providing an attacker with more than one avenue for obtaining the

shared-secret passwords also have a requirement that unique shared
secrets are required for different security domains (cross-domain
compromise ... i.e. the password at your local garage ISP being the
same as your online banking access). difficulty of memorizing goes up
both as the complexity of the password as well as the number of
.... and at the time, I only had one. Now I'm faced with managing
scores of passwords. then if they have to be changed every month, the
problem can reach truely hopeless state:
http://www.garlic.com/~lynn/subpubkey.html#secrets

then there are the rules excluding certain values ... here is an
corporate directive April 1st version from over 20 years ago
.... parody explains how there is only once acceptable password.
http://www.garlic.com/~lynn/2001d.html#52 OT Re: A beautiful morning in AFM

some recent news articles ... effectively institutional-centric
paradigm running afoul of person related limitations.

http://www.theinquirer.net/?article=26653
Now, what was my September password?
http://www.purdueexponent.org/index.php/module/Issue/action/Article/article_id/1168
http://it.slashdot.org/it/05/09/27/1935210.shtml?tid=172&tid=218
Secure
http://www.techweb.com/wire/security/171201073
http://news.yahoo.com/s/cmp/20050928/tc_cmp/171201073 ;_ylt=A9FJqZNytzpDEWgAlgYjtBAF;_ylu=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl
http://www.cbronline.com/article_news.asp?guid=7778865B-DD3A-4230-9968-83244D713FBE
http://www.securityfocus.com/news/11331

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn /

## Re: Symbols vs letters as passphrase?

Compare 10^15 with 64^15.

Yes.