> It is still a good decision, an one character password is useless from a security standpoint.
replyOnly if length is known. Which is true now. So it opens the gates to try passwords of specific known length.
If you are brute forcing passwords, knowing the length only reduces the number of passwords to try by like 1 hundredth.
replyDrats, you're right. I thought it'd be worse, but the ratio seems to only depend on the number of letters in your character set: 1/count(letters in alphabet).
replyFor ascii at 95 printable chars you get 0.9894736842. Makes intuitive sense as the "weight" of each digit increases, taking away a digit matters less to the total combos.
Maybe I'll start using one Japanese Kanji to confuse would be hackers! They could spend hours trying to brute force it while wondering why they can't crack my one letter password they saw in my terminal prompt. ;)
It also give you the possibility of filtering out which ones are worth cracking and which ones not
replyIt could also give useful priors for targeted attacks, "Their password is 5 characters, and their daughters name is also 5 characters, let's try variations of that".
replyI may or may not use a single char password on a certain machine. This char may or may not be a single space. It may or may not be used in FDE. It's surprising what (OS installers) this breaks.
reply