This has me scratching my head. Every article I have seen on password security says that including upper case and lower case letters makes for greater security. OK, that is common sense since there are more possible combinations for a brute force approach to attack.
But how many more combinations? One might say that 26 lowercase letters plus their capitalized counterparts doubles the available symbols.
On the other hand, as a practical matter an uppercase letter is achieved by hitting the "Shift" key prior to the target letter. So one might argue that adding upper case letters really only adds one more symbol, namely, the ocassional insertion of a "Shift" into the password keystroke combination.
That represents more security since passwords are now longer and the length is less predictable. For example, suppose a site requires a six letter password. "abcdef" would qualify. However '[Shift]abcdef' (which would appear as Abcdef) would also qualify even though it is seven keystrokes.
I suppose I should unearth a question here. Let's start with 6 letter passwords, all lowercase. There should be 26^6 combinations, from aaaaaa to zzzzzz.
Adding caps might be modeled as creating 52 possible six-character combinations, so the total available is 52^6, which is 2^6 or 64 times more possibilities than lower case only.
But suppose we model the possibilities as the sum of:
(1) all six letter lower case combos;
(2) all seven stroke combos (six letters plus a shift);
(3) all eight stroke combos (six letters, two shift):
and so on to
(7) all twelve stroke combos (six letters, six shifts)
My common sense is telling me that if the second approach exhausts the possibilities for mingling upper- and lower-case letters it must give the same answer as the first approach, i.e., 52^6.
Hmmph. Normally this sort of problem holds my attention when the alternative is finalizing my taxes; I don't know why I am locked up on this now.
I made the horrid mistake of leaving the caps lock on when I was generating a password on the computer for both letters and numbers. Now I have a new iPhone and when I try to access a protected site I cannot enter that code because I can't capitalize numbers on it.
Posted by: glasater | July 25, 2014 at 12:46 PM
TM
Upper and lower case are stored as different ascii characters. In otherwords, when you press the shift key, encoding occurs after the next key is pressed. The shift is not actually stored as a character. It least this was the case back in the dark ages when I studied this stuff.
Posted by: Buckeye | July 25, 2014 at 01:04 PM
I was assured their would be no math at this Blog.
Posted by: NK(withnewsoftware) | July 25, 2014 at 01:07 PM
64x as many possibilities. My final answer.
Posted by: Cecil Turner | July 25, 2014 at 01:11 PM
There are a dozen analysts at the NSA giggling into their coffee right now...
Posted by: Some Guy | July 25, 2014 at 01:26 PM
Not sure I'm getting what the puzzle is, but even treating the shift that way, it can only be inserted at most every second stroke (shift-shift-a is the same as shift-a).
Posted by: jimmyk on iPad | July 25, 2014 at 01:40 PM
Oh good; a thread in which we don't have to speculate on what Queen Roberts will do.
Posted by: Captain Hate | July 25, 2014 at 01:45 PM
Oh MY. Take a gander at Gallup for today. An absolutely horrible, terrible no good day for the incompetent liar. -3 for the day and 39% approval overall. I would suggest several more fundraisers while crises simmer and boil, to totally cure that problem. More cowbell is always the answer...
Posted by: GMax | July 25, 2014 at 01:50 PM
And notice what happens when the primary is over. The great Democrat hope in Georgia, seems to have failed to launch and Perdue is showing a comfortable lead:
The latest Rasmussen Reports statewide telephone survey of Likely Georgia Voters finds Perdue with 46% support to Nunn’s 40%. Four percent (4%) like another candidate in the race, and 10% are undecided
Posted by: GMax | July 25, 2014 at 01:57 PM
I would pay dearly for the ability to waive password protection on all but a very few sites.
Posted by: Danube on iPad | July 25, 2014 at 01:59 PM
Sometimes the revisionism hits eleven:
http://www.redstate.com/2014/07/24/salon-attempts-paint-avowed-communist-lee-harvey-oswald-right-winger/
Posted by: Captain Hate | July 25, 2014 at 02:01 PM
Practically speaking aren't about 99% of the capital letters going to be the first one only?
Posted by: Ignatz | July 25, 2014 at 02:08 PM
If Salon merged with Vox they would still not be smarter than a fifth-grader.
Posted by: jimmyk | July 25, 2014 at 02:10 PM
OK, CH, I'll respect your no-Roberts edict for this thread. But if this thread reaches page two, Wiggins for Love speculation is on the table (or in the paint, if you prefer).
Posted by: Thomas Collins | July 25, 2014 at 02:12 PM
Now multiply that by the 8 extra layers the Xerox Super Certificate-ifier adds, subtract the multiple versions offered by Savanna Guthrie, and you have something real secure.
Posted by: Threadkiller | July 25, 2014 at 02:12 PM
Epic rant by Joan Rivers against the MSM regarding Gaza.
http://www.tmz.com/videos/0_1t3hcwj3/
(Yes, it's a video with an ad at the beginning.)
Posted by: jimmyk | July 25, 2014 at 02:14 PM
On the security question, don't the stats need to take into account the higher probability that complex passwords will be written down in one place, which if stolen would be a bummer to security (or saved on computers to which others will gain access)?
Posted by: Thomas Collins | July 25, 2014 at 02:18 PM
But if this thread reaches page two, Wiggins for Love speculation is on the table (or in the paint, if you prefer).
I'm for that on any page, along with a discussion of how many NFL players would pop Goodell if they knew they'd only get a 2 game rip for it. #GFLWarOnWomen
Posted by: Captain Hate | July 25, 2014 at 02:18 PM
It does give the same answer. The number of possibilities for each of the items in the list you give is just 26^6 times the binomial coefficient C(6, n) for choosing the position of n [Shift]s from 6 possible spots:
(1) 26^6 * C(6, 0)
(2) 26^6 * C(6, 1)
...
(6) 26^6 * C(6, 6)
Summing and factoring out the 26^6, you get:
26^6 * [C(6, 0) + C(6, 1) + ... + C(6, 6)]
The sum of the binomial coefficents C(n, k) as k runs from 0 to n is 2^n, so the above turns out to be:
26^6 * 2^6 = (26*2)^6 = 52^6
Posted by: Elliot | July 25, 2014 at 02:20 PM
"Binomial coefficients?"
And he smote them hip and thigh, with a great slaughter; and hee went down and dwelt in the top of the rocke Etam.
Posted by: MarkO | July 25, 2014 at 02:26 PM
133 The law of unintended climate consequences at work -- study says 23% of warming in Europe since 1980 due to clean air laws
A paper published today in Geophysical Research Letters finds that clean air laws which greatly reduced sulfur dioxide emissions explain 81% of the "brightening" of sunshine and 23% of the surface warming in Europe since 1980. However, the authors note "this phenomenon is however hardly reproduced by global and regional climate models."
Posted by: Neo | July 25, 2014 at 02:31 PM
Uh OH better come up with another excuse besides Speak O. All ready a second tape of Gruber has surfaced. Says the same thing again.
I think I will open the over/under on these tapes at 5, but given how much lefty professors like to hear themselves drone on, I may need to raise that soon enough.
Posted by: GMax | July 25, 2014 at 02:31 PM
Well, number of possibilities given number of characters is not the whole story anyway. The hackers maintain dictionaries of all words (literally) in upper and lower case (as well as each possibility of mixed case), plus common number for letter substitutions (i.e. 3 for e) in each encryption algorithm. When they trap your traffic, a quick look-up gives them the answer. That is why almost all password recomendations suggest longest possible string on random characters including both upper and lower case letters. You won't remember it, but it won't be in the look-up table either.
Posted by: henry | July 25, 2014 at 02:32 PM
2nd Time Gruber-- in his written prepared remarks...
TYPO!
Posted by: NK(withnewsoftware) | July 25, 2014 at 02:37 PM
127
Posted by: Beasts of England | July 25, 2014 at 02:43 PM
Insty is just beating the tar out of Gruber and the Juiceboxers.
Posted by: NK(withnewsoftware) | July 25, 2014 at 02:43 PM
Lurch promoting foreign unity:
http://weaselzippers.us/194443-israeli-cabinet-unanimously-rejects-john-kerrys-cease-fire-proposal/
Posted by: Captain Hate | July 25, 2014 at 02:45 PM
henry@232-- so the most secure passwords are those that can never be recovered or used by anyone.... SPLUNGE!
Posted by: NK(withnewsoftware) | July 25, 2014 at 02:46 PM
http://m.reviewjournal.com/news/nevada/lawmaker-says-blm-was-completely-insane-bundy-standoff
Posted by: Threadkiller | July 25, 2014 at 02:50 PM
NK, as a guy in a quiet agency told me in the 80s, the only secure computer system is locked in an underground vault, not plugged in, with no authorized users. The truly scary thing is in something like the ACA exchange where gaining a single's user's access allows a hacker to get all data -- in too many sites we are at the risk of the worst password selection on the system. The password is the front end, my worries are on the back end.
Posted by: henry | July 25, 2014 at 02:54 PM
Just imagine what this administration has done. Harvard, Yale, Princeton, they've all beclowned themselves, now M.I.T., too
Posted by: peter | July 25, 2014 at 03:02 PM
peter. So right!
Add in Columbia, too!
And let's remember that they also destroyed the reputations of the National Parks Service Rangers during the shut-down.
Plus have lost respect for a lot of businesses and corporations, too.
Posted by: Miss Marple | July 25, 2014 at 03:11 PM
What henry said. If it's plugged into the wall, an Ethernet connection, or linked via WiFi, then you're at someone's mercy. Just hope for the best...
Posted by: Beasts of England | July 25, 2014 at 03:26 PM
BREAKING ...
Pope Francis will come to Philadelphia in September 2015 to attend the World Meeting of Families, according to Archbishop Charles Chaput.
LUN
Posted by: Neo | July 25, 2014 at 03:28 PM
But the Jesuit Pope isn't going to see Mayor Bane's NYC?
Posted by: NK(withnewsoftware) | July 25, 2014 at 03:32 PM
The cap-shift (which I denote as "^") cannot appear at the end of a password. Denote the empty string as ".". The shift either occurs before each lower case letter or it does not (which I denote as ^+.).
Expressed as a regular expresseion, the set of possible passwords is
which represents
which is 52 to the 6th, which is what you'd expect.
Posted by: melanerpes | July 25, 2014 at 03:36 PM
http://www.gembapantarei.com/typewriter2.PNG
What about the device in the link? Is that safe from NSA spying (at least prior to when the product is transmitted)?
Posted by: Thomas Collins | July 25, 2014 at 03:43 PM
yes Miss Marple you could make an extensive list of those who slept with dogs and woke up with fleas. Insurance companies that supported Obamacare, Mike Beschcloss, who else?
Posted by: peter | July 25, 2014 at 03:44 PM
that is only 19 Billion possible combinations. Convert it to bitcoins, and paydown the National Debt!
Posted by: GMax | July 25, 2014 at 03:46 PM
Using a twelve character string of only minuscule letters, allowing for repeated (similar) characters, e.g. fcyutjlopfgs, yields 2^56 combinations.
Posted by: Beasts of England | July 25, 2014 at 03:47 PM
This thread brings to mind the communications rule of Federal Hill in Providence in the 1970s: Don't write it if you can say it, don't say it if you can nod it, and when in doubt, don't nod it.
Posted by: Thomas Collins | July 25, 2014 at 03:47 PM
I always take some comfort to being behind a router. The bad guys can see the router, but no farther. Seems to have worked so far...
Posted by: GMax | July 25, 2014 at 03:48 PM
peter,
Also Noonan and Brooks. Several movie stars.
Oprah Winfrey!!! She got wrapped into the Chicago fiasco and it was all downhill from there.
Posted by: miss Marple | July 25, 2014 at 03:57 PM
Add Newsweek and the New Yorker, the Slimes, David Petraeus, General Motors, Citigroup, GE,
Posted by: peter | July 25, 2014 at 04:16 PM
I think you left off the sarcasm tag GMax...
Posted by: Beasts of England | July 25, 2014 at 04:19 PM
Biggest typo yet so far
Insty has links to Max Baucus Chairman of the Senate Finance committee explaining the requirement that states MUST set up exchanges in order to get tax credits for their residents.
Its not a bug, its a feature!
I am so loving these lefties, especially Ezra, being shown to be nothing but lying hyperpartisans. Is it too much to ask for them to be at least contrite lying hyperpartisans, when caught on tape with their hands both jammed down in the cookie jar?
Posted by: GMax | July 25, 2014 at 04:20 PM
You need to look at this analysis:
https://www.grc.com/haystack.htm
Posted by: David Pruett | July 25, 2014 at 04:24 PM
Well, after all of these typos being revealed, I do not see how the government can continue its argument without committing perjury.
Posted by: miss Marple | July 25, 2014 at 04:24 PM
Why would the government care about committing perjury?
Posted by: Jane | July 25, 2014 at 04:28 PM
GMax, assuming no exploits in the router... Unfortunately there are exploits for the major brands and you need to keep the router software up-to-date.
Posted by: henry | July 25, 2014 at 04:33 PM
Excellent link David P!
Posted by: henry | July 25, 2014 at 04:36 PM
I said "some" comfort, it well may be cold comfort. Cold comfort is better than no comfort at all...
Posted by: GMax | July 25, 2014 at 04:40 PM
Thanks David P.
According to the site, even under the worst case scenario it would take over 1.83 years to crack my pw.
Posted by: Bori | July 25, 2014 at 04:42 PM
The router should offer you no succor, GMax. Now, I'll shut up.
Only 1.83 years, Bori? Perhaps you should change your password from 'Bori' to something else! ;)
Posted by: Beasts of England | July 25, 2014 at 04:47 PM
According to the site, even under the worst case scenario it would take over 1.83 years to crack my pw.
Unless Gibson Research just sold it to a Russian hacker...
Posted by: Some Guy | July 25, 2014 at 04:59 PM
I just changed all my passwords to D0g...................
D'oh!
Posted by: Ignatz | July 25, 2014 at 05:05 PM
I know captcha, came from the same corner of Mount Doom, that conjured up Windows Vista,
Posted by: narciso | July 25, 2014 at 05:13 PM
I thought I would check in while cooking dinner.
Alas, mah, something I am very poor at.
Posted by: miss Marple | July 25, 2014 at 05:14 PM
Uh, math.
Spelling, too.
Posted by: miss Marple | July 25, 2014 at 05:15 PM
I was told there would be no math.
Posted by: Sue | July 25, 2014 at 05:38 PM
For those of you making the point that to the Court, the rantings of Gruber, while fun, are of no import. OK fair enough. How about Max Baucus, Democrat Senator and Chairman of the Senate Finance committee? Seems to me he is more than one of 100 Senators, he is both in the voting majority, and the chairman of one of the committee who wrote the law and the law was voted out of that committee.
Posted by: GMax | July 25, 2014 at 05:48 PM
Culture of Corruption? A Democrat officeholder indicted in Dallas. This guy is guilty as hell. Another Freezer Jefferson.
DALLAS — Dallas County Commissioner John Wiley Price and three associates have pleaded not guilty after being arrested by FBI agents Friday, ushering in a new chapter in what is arguably the most high-profile public corruption investigation in Dallas history.
Sarah Saldaña, U.S. Attorney for the Northern District of Texas, announced the specific charges at an 11 a.m. news conference. She said for more than a decade, Price sold the power of his office in "a shocking betrayal of public trust."
A 106-page federal corruption indictment, filed under seal on July 23, is now public. It outlines a million dollar web of mail fraud, tax fraud, bribery and other malfeasance allegedly led by Price, who faces up to 30 years in prison if convicted.
Took bribes to vote on contracts awarded by Dallas County. Allegations that he provided the bribers with confidential information on competing bids that would allow them an unfair advantage as well. For cash of course. Slimy.
Posted by: GMax | July 25, 2014 at 05:57 PM
Baucus got out of Dodge before the ACA-exposing gunslingers showed up. He was replaced by the plagiarist:
http://www.washingtonpost.com/politics/plagiarism-scandal-overshadows-sen-john-walshs-moment-to-shine/2014/07/24/ed56e4da-1371-11e4-8936-26932bcfd6ed_story.html
Posted by: BeenThereDoneThat | July 25, 2014 at 05:58 PM
Stop picking on Walsh. He says it was PTSD. Well his aide said he was never treated for it, but still.
Posted by: GMax | July 25, 2014 at 06:13 PM
Hmmph. Normally this sort of problem holds my attention when the alternative is finalizing my taxes; I don't know why I am locked up on this now.
Anybody remember "A Beautiful Mind?"
IIRC, John Nash started going nuts when he read too many New York Times Editorials and started thinking about combinatorials.
TM, if you start seeing Ed Harris,
fer Gawd's sake, put down the Krugman OpEd, but please say "Hey" to Jennifer Connelly for me:)
Posted by: daddy | July 25, 2014 at 06:18 PM
Thank you, daddy, for bringing pictures.
The equations were skewering me.
Posted by: miss Marple | July 25, 2014 at 06:20 PM
Scaring! Autocorrect!
Posted by: miss Marple | July 25, 2014 at 06:21 PM
Yeah....post traumatic stress, alright. Funny how Democrats can't resist elaborating on their boiler-house lies.
Posted by: BeenThereDoneThat | July 25, 2014 at 06:23 PM
yes trying to make sense of Krugman, is not unlike discovering a Soviet nuke, in a pile of
radio intercepts.
Posted by: narciso | July 25, 2014 at 06:27 PM
Gmax,
Has anyone noticed how many AA's politicians are being prosecuted by this Administration, a cynical man might say they either feel that no harm will come to them or they are moving on to another group for their cronyism. Hispanics your next!
Posted by: Bori | July 25, 2014 at 06:30 PM
I don't know about any others under indictment, but as Eva Peron said, Don't cry for me Argentina. I lived in the neighboring county for 25+ years, and worked in Dallas County during a portion of that time. He is as crooked and as slimy as they ever come. The FBI is a bulldog, I am sure they have him on tape asking for the mordida...
Posted by: GMax | July 25, 2014 at 06:39 PM
Liked this comment by Dr K on his loser of the week:
Loser of the week, Hillary Clinton, for saying "The Reset with Russia was a success." Try saying that in Ukrainian.
Posted by: daddy | July 25, 2014 at 06:59 PM
John Wylie Price has been investigated since the 80s and nothing ever happens to him. My father in law died in 1994 and he was griping about him back then.
Posted by: Sue | July 25, 2014 at 07:12 PM
Yeah but the FBI got involved about 3 years ago, and he is now toast. He was so cocky, I am sure he is on tape demanding money to vote for a contract award. And they have seize around $500K, all cash. How does a county commissioner have that kind of walking around money?
Posted by: GMax | July 25, 2014 at 07:16 PM
I'll believe it when he's locked up.
Posted by: Sue | July 25, 2014 at 07:17 PM
Q: What is the difference between a dog scratching at your door and a Professor of Mathematics scratching at your door?
A: If you let the dog in, he stops whining.
BTW, Yankee's down 3 to 0 in the first, only 1 out so far.
Posted by: daddy | July 25, 2014 at 07:22 PM
Well OK. Don't take my word for it, lets ask a Stanford Professor of law:
Posted by: GMax | July 25, 2014 at 07:23 PM
Posted by: GMax | July 25, 2014 at 07:24 PM
The current pitcher for TM's Yankee's gave up 3 runs after only 19 pitches.
Now he is at 27 pitches and has a runner at first and a 2 and 2 count.
If given 19 pitches TM's Yankee pitcher can give up 3 runs, how many runs can he give up by the 4th inning?
(19 ^ 3) x 4 (-8) =
Posted by: daddy | July 25, 2014 at 07:28 PM
Math Daddy? Really? It's Friday night.
Posted by: Jane | July 25, 2014 at 08:02 PM
Bonkers, I deal with enough numbers and equations at work!
Posted by: Bori | July 25, 2014 at 08:07 PM
http://www.breitbart.com/Big-Government/2014/07/25/Sessions-To-America-I-Need-Your-Help-To-Stop-Obama-s-Executive-Amnesty-Plans
Asymmetrical
Posted by: Threadkiller | July 25, 2014 at 08:07 PM
Preach it Sister Jane!
LOL
Posted by: Another Bob | July 25, 2014 at 08:09 PM
From my Math Apocrypha book:
Albert Einstein was Kurt Godel's closest personal friend in Princeton. For several years, Einstein, Godel and Einstein's assistant Ernst Straus who later moved to UCLA and specialized in combinatorial theory, would lunch together. During lunch they discussed diverse non-mathematical topics---frequently politics. One notable discussion took place the day after Douglas MacArthur was given a ticker-tape parade down Madison Avenue upon his return from Korea. Godel came to lunch in an agitated state, insisting that the man in the picture on the front page of The New York Times was not MacArthur but an impostor.
The proof?
Godel had an earlier photo of MacArthur and a ruler. He compared the ratio of the length of the nose to the distance of the tip of the nose to the point of the chin in each picture. These were different: Q.E.D.
Posted by: daddy | July 25, 2014 at 08:19 PM
Math Daddy? Really? It's Friday night.
Jane,
Here's a very appropriate equation for Friday Nights!
Posted by: daddy | July 25, 2014 at 08:22 PM
Rosebud
Posted by: Exasperated | July 25, 2014 at 08:30 PM
Here's an Equation for ya!
If in 2004 there are 11 Million Illegal Aliens in the US, and if there are an estimated 1 million new Illegal Aliens crossing the Border into the US each year, then how many Illegal Aliens are currently in America?
The equation I believe can be expressed like this:
11 Million, + (1 Million x 10 years) = ?
Surprisingly the answer always remains 11 Million.*
*(In the Kudlow version of this equation, thats 11 Million Brainiacs.)
Posted by: daddy | July 25, 2014 at 08:31 PM
Here's a very appropriate equation for Friday Nights!
Not if you are dumb as a plug. So what's the "n"?
Posted by: Jane | July 25, 2014 at 08:43 PM
Hey, daddy...
6-4 Yankees in the bottom of the 5th. Mock them at your peril...
(OK, when another one of our 80-year-old outfielders goes down with an injury, you can resume your mockery)
Posted by: James D. | July 25, 2014 at 08:45 PM
It isn't "F. U." Jane.
Its "fun"
:-)
Posted by: Threadkiller | July 25, 2014 at 08:48 PM
Jane, I think that refers to the exponential power of multiple eff you's.
Posted by: Once, twice, three times the charm. | July 25, 2014 at 08:50 PM
So what's the "n"?
"n" = Prosecution.
Posted by: daddy | July 25, 2014 at 08:52 PM
daddy,
I liked Jennifer Connelly better before she lost weight. After she got 'hollywood skinny' she looks like a thousand other actresses.
Posted by: Some Guy | July 25, 2014 at 08:56 PM
He'd stay home alone on a Friday night before he would date any of those other 1,000 beautiful actresses. Heart-breaker, Some other guy, has his standards.
Posted by: Exasperated | July 25, 2014 at 09:09 PM
JamesD,
I love my Ichiro, but it's tough having to rely on him to be knocking homers.
Posted by: daddy | July 25, 2014 at 09:09 PM
the revisionism hits eleven:
It occurred to me today, or, more likely, I remembered the musings of a wiser man, that the impetus behind the JFK truther bubble was that am effing commie had killed him, and not a right-wing troglodyte, this was unpossible.
In other news, Sirhan Sirhan was the first, and still unacknowledged, Palestinian terrorist.
Posted by: Strawman Cometh | July 25, 2014 at 09:10 PM
Maybe Veronica Mars should get a clue;
http://twitchy.com/2014/07/25/zing-comedian-goremys-advice-to-kristen-bell-is-music-to-our-ears-video/
not merely a commie, but someone with contacts with the Cuban mission in Mexico City, as Phillip Shenon's investigation has turned up
Posted by: narciso | July 25, 2014 at 09:17 PM
Without Googling them, who is Veronica Mars? Who is Kristen Bell?
Posted by: Exasperated | July 25, 2014 at 09:25 PM
Me too, Some Guy.
the revisionism hits eleven...the JFK truther bubble
I see the US Mint is updating the image of JFK on coins to make him look more like Jackie Kennedy thought that he should look like.
Posted by: daddy | July 25, 2014 at 09:29 PM
You gotta roll with the punches, ex.
Posted by: Air Control helps. | July 25, 2014 at 09:30 PM