My question has to do with password strength. I've read many times it is a good idea to have not only upper and lower case letters in a password, but also have numbers and symbols. This will make it harder to break. However, what I don't understand is HOW it would be harder to break? I understand by adding numbers and symbols into the mix, you are making it take that much longer for a brute force attack to be successful.
HOWEVER--if the person trying to crack your password doesn't KNOW whether you have all letters or a combination of letters, numbers, symbols, wouldn't any two passwords of the same length theoretically take the same amount of time to crack, no matter their make up?
For example, if I have two passwords of 15 characters:
abcdefghijklmno
x@65:f$kW8)?=9F
If the attacker doesn't know that I used the first one (with only letters), then he/she will still have to implement numbers and symbols in the attack, and it should theoretically take just as long to crack it.
Or am I missing something?
thanks,
mike.