Ask HN: 5-digit alphanumeric or 12-digit integer simpler and more secure?

2 points by aen ↗ HN

8 comments

[ 136 ms ] story [ 1590 ms ] thread
5-digit alphanumeric e.g. HEL2N
12-digit integer e.g. 907653849272
Compare possible brute force combinations: (26+10)^5 vs. 10^12
That would be 10e12 vs 60.466.176. Pretty easy from the security pov.

Also if an alphanumeric string should be entered / remembered by humans make sure to strip I, l, etc.

For case-sensitive alphanumeric: (26+26+10)^5

Which is still far lower than 12 digits.

Even with 5 x 62 case sensitive alphanumeric digits, 12 integers is roughly 1000 times more secure
This is for some password authentication?

I never understand why people restric password length. Why not 12-char alphanumeric? Or 32-char alphanumeric? Most people will use 10-char passwords (or shorter), but those concerned with security could use better.

BTW - I'v got idea how to ensure people will use unique secure passwords on your site. It's a little harsh, but still.

For each new user in registration form calculate 4-letters hash (from user number, timestamp, whatever), and require user to include this hash in his password (and that the password is at least X characters long). User that has favorite password "swordfish" will just use "swordfishX13h" probably, but it's still better than "swordfish".

I think the question is not password related as the key may be used as a UID for a "semi restricted" link.