3. Why does password bit strength go down with more numbers?

Why does password bit strength go down with more numbers?

The correct answer is the 2nd option

Yes, and

you're reducing the set of possible passwords.

this is wrong.

The set of possible values for each character in the password is increasing, from N to (N+10). What is decreasing, is the time to guess each password if you know the password contains 1 or more numbers. This is a critical assumption (threat model) that it's usually left out of password estimators - some don't even employ any sort of threat model and just perform naive entropy estimation (example). Contrast this with:

Let X be OP's 20 character password which contains no numbers. Let 2 different threat models: in A, the adversary knows the password contains 1 or more numbers. In B, the adversary does not know how many numbers exist in the password. Under which assumption will the adversary take longer to crack X?

Doesn't the answer to the above question make more sense as a password strength estimate? After all, an attacker ready to crack your password is going to take into account every possible bit of information they have. Hence, by specifying that they should try passwords with at least 1 number contained, you are giving information they can use to their advantage, reducing the set of passwords an attacker has to guess - even if the set of possible passwords is increased.

If you want to read some more, here's some rationale behind zxcvbn, Dropbox's method for estimating password strength. See the demo here.

/r/askscience Thread Parent
Previous
Next

Recently removed from /r/askscience

What does alcohol do to your blood sugar? I thought it spiked it? Is the Flynn effect still going? Does being sick impair the body’s ability to form memories during that time? Does having autoimmune disorder (atopic disease in my mind, but also otherwise) lead to an increased risk of immune cell cancer? What determines whether we can create a vaccine for an illness or not? Why is gluten intolerance a new phenomenon / on the rise? What's the difference in your brain between seeing an object, thinking about that object, and visualizing an object? Why are we no longer contagious even if not all influenza symptoms are gone? AskScience AMA Series: We're Experts on Influenza (aka the Flu). AUA! I’ve been browsing YouTube a lot and lately I’ve fallen into a loop of videos where uploaders ‘rescue’ sea turtles by cleaning their shells of debris and barnacles. These turtles look suspiciously like pond sliders, is that even possible? Could breathing through the mouth alter a 13 year olds face and if so how long would it take? When nucleons bind to form a nucleus, does each nucleon "retain ownership" over its quarks (is each nucleon a truly unique entity)? Or is it possible for quarks to swap from one nucleon to another? Or does it not make sense to talk so exactly about them? Do other terrestrial planets have metals like gold, silver, etc? Why does coding work? As microchips get smaller and smaller, won't single event upsets (SEU) caused by cosmic radiation get more likely? Are manufacturers putting any thought to hardening the chips against them?

More Random Comments

The 17th Year [no spoiler] Wanna share my thoughts about MGS:GZ [WP] A man with nothing to lose, and a man with everything to lose are about to fight. [Campaign] First time DM, need tips on original story Moronic Monday, December 22, 2014 - Your Weekly Questions Thread Bioluminescence causing a shoreline to glow at night. This occurs when a micro-organism in the water is disturbed by oxygen. How to lead public platoons? Tips? How often and why do you use cannabis? Also, what are your benefits from it? Virtus.pro Sneg (CEO) take on the current professional Dota 2 scene situation. real or fake epiphone les paul?? What is something you thought was grossly exagerated until it happened to you? Non-native English speakers, what was the most confusing thing about the English language to you while learning it? Need Quick Help on How to Eat Out! [F4M] Stuck... ELI5: How the shingle virus stays in your body all of your life and why it isn't killed while in there.