Why isn't this password secure?
Posted on 2013-08-28
You know the standard directives for generating a password - use a mixture of lower & upper case letters, numbers, and punctuation. (and longer is better, of course, but let's leave password length out of the picture for the moment. I'm just thinking of character selection)
I get the basic idea. If you use both upper & lower case letters instead of lowercase-only, you have 52 possibilities for each character instead of 26. That makes sense.
But wouldn't a lowercase password be less secure only if an attacker knew it was lowercase? If he didn't know that, he'd have no reason to constrain the character set used in a brute-force attack.
It's probably obvious by now that my cryptographic knowledge is minimal. This question's bugged me for years, though, so if someone could indulge me, I'd be appreciative.