Hacker News new | past | comments | ask | show | jobs | submit login

There is no way that "use a (proper) subset of the characters for bits of entropy" is going to beat "use all the characters for bits of entropy". Almost by definition, the second is going to have more entropy.

You're not getting anywhere, because people trying to guess your password don't have to guess your scheme. All you're doing is making it easier for them. There is no sense in which you are making it harder.

In the optimum case, you'd require them to get the right characters in the slots you're counting, but to not use the wrong characters in the slots you're not counting, thus demonstrating that they actually know the scheme in question and aren't just getting lucky. There would be exactly one character you'd accept in the slot you're counting, and there would be exactly one character they could use to indicate they understand your pattern in the slots you're not counting. This maximizes the chance they have proved to be in possession of your password, rather than just getting lucky because you didn't count their misses. This is, of course, simply using a password normally.






Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: