OVERVIEW: Making a secure password.
- People tend to use dictionary words as a basis for their passwords.
- People tend to make minor substitutions on their passwords (password -> p@$$w0rd)
Assuming one would come up with 1 (and only 1) substitution per letter (from a field of (x special characters) AND one could also capitalize letters how many possible combinations could one come up with?
Restated: One starts with the word password. We can use any special character for "P" but once selected that character is not used for another letter nor is another character used for "P".
So:
P can equal a 7 or 9 (or anything else).
A can equal a @ or & (or anything else).
S can equal a $ (or anything else).
password can also be written as
Password
pAssword
...
PASSWORD
(as well as any combination of special characters)
p@ssword
P@ssword
...
P@SSWORD
I'm starting to get lost in the permutations. I think that all the lower case and upper case possibilities is n! In this case for password there are 8! possibilities.
But what about with the special characters? Getting lost there.
EDIT: Must expand and clarify my original question
How many combinations must an ATTACKER (someone trying to break the password) utilize?
Did I just twist myself up needlessly? Is this simply taking my set of numbers (26 lowercase, 26 upper case, 10 digits, x special characters) and just raise it to the number of characters in the password?
Best Answer
As @Albert mentions the total number of passwords the user can generate is $3^n$. However, the total number of combinations an attacker must consider is wider: $x!\cdot3^n$ for an n length password and a $x$ element special character set.