From: frantz@netcom.com (Bill Frantz)
Date: Fri, 19 Apr 1996 08:28:03 +0800
To: cypherpunks@toad.com
Subject: Re: Spaces in passwords
Message-ID: <199604181945.MAA22450@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Ben Rothke writes:
>> Do spaces (ASCII 20) in passwords make them less secure?
>
>Of course not. In a normal Unix password, adding spaces to the
>password search space increases the search space, so it necessarily
>makes the search harder.

I used to recommend that passwords be a phrase of at least 15 characters. 
Spaces fall naturally into that model.  If your spelling is as bad as mine,
then your password is resistant to dictionary attacks.

However, then I discovered that there are many brain damaged systems which
restrict passwords to 8 characters.  (e.g. IBM's VM/ESA, Netcom's UNIX) 
For those systems, I can only parrot the conventional wisdom, no words,
include numbers and/or punctuation, no acronyms, include both upper and
lower case, etc. etc.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA