Security....

Lew Bloch conrad at lewscanon.com
Wed Oct 27 19:17:31 UTC 2004


"Rodolfo J. Paiz" suggested:
> Even when I do use passwords (and assuming the 8-char "standard"), I
> always have at least one upper- and lower-case letter, one number, and
> one special char. So that's actually 94^8 = 6,095,689,385,410,816 or
> about 6.1 x 10^15.
> 
> If I did my quick figures right, they'd have to exceed 1.93 million
> attempts per second to be statistically likely to crack my box in less
> than 100 years. Not bloody likely, and still very secure. <grin>

That's assuming that all characters from all character sets are equally 
likely in every position in the password.  In fact, human-generated 
passwords tend to have fewer punctuation and digit characters than the 
statistical likelihood.  Exploiting this and similar facts would speed 
up the attack considerably.

Some cracking will use techniques that have a high(er) probability of 
hitting the correct value than simplistic brute-force methods.  Basing 
your security estimate on defense against brute force only is probably 
not optimal if you have anything significant to protect.

If the only attacks you get are from script kiddies, then your odds are 
better.
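
The gap between the uniform-keyspace estimate quoted above and a guesser that tries likelier character classes first can be put in numbers. This is an added example, not part of the original post; the class frequencies in `HUMAN_CLASS_P` are constructed for illustration, not measured data.

```python
import math
from itertools import product

# Printable-ASCII class sizes: 26 + 26 + 10 + 32 = 94, the alphabet behind 94^8.
CLASS_SIZE = {"lower": 26, "upper": 26, "digit": 10, "special": 32}
LENGTH = 8
SECONDS_100Y = 100 * 365.25 * 24 * 3600

# Constructed per-position class frequencies for human-chosen passwords
# (an assumption for illustration, not measured data).
HUMAN_CLASS_P = {"lower": 0.70, "upper": 0.10, "digit": 0.17, "special": 0.03}

def uniform_class_p():
    """Class frequencies when all 94 characters are equally likely."""
    total = sum(CLASS_SIZE.values())
    return {c: n / total for c, n in CLASS_SIZE.items()}

def guesses_to_reach(class_p, target=0.5, length=LENGTH):
    """Guesses needed to reach `target` success probability when candidates
    are tried in order of decreasing probability under `class_p`."""
    patterns = []
    for pattern in product(CLASS_SIZE, repeat=length):  # 4^8 class patterns
        count, per_pw = 1, 1.0
        for c in pattern:
            count *= CLASS_SIZE[c]                # passwords matching the pattern
            per_pw *= class_p[c] / CLASS_SIZE[c]  # probability of each one
        patterns.append((per_pw, count))
    patterns.sort(reverse=True)
    covered, guesses = 0.0, 0
    for per_pw, count in patterns:
        if covered + per_pw * count >= target:
            return guesses + math.ceil((target - covered) / per_pw)
        covered += per_pw * count
        guesses += count
    return guesses

def rate_for_100_years(guesses):
    """Attempts per second needed to make `guesses` attempts in 100 years."""
    return guesses / SECONDS_100Y

if __name__ == "__main__":
    print(f"full keyspace: {rate_for_100_years(94 ** LENGTH):,.0f} attempts/s")
    for name, p in (("uniform", uniform_class_p()), ("skewed", HUMAN_CLASS_P)):
        g = guesses_to_reach(p)
        print(f"{name}: {g:.3e} guesses to 50%, {rate_for_100_years(g):,.0f}/s")
```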



