Subject: Re: why not use "an all-lower case password"
To: Henry Nelson <henry@irm.nara.kindai.ac.jp>
From: James Sharp <jsharp@psychoses.org>
List: netbsd-help
Date: 04/02/2001 21:02:30

On Tue, 3 Apr 2001, Henry Nelson wrote:

> For the first time I thought I'd use a password that was all lower
> case letters, but I got a warning I shouldn't do that.  Does that
> mean a user could look at some file and tell by the encryption sequence
> that the password was composed of letters only?  Why should all-
> lower case be any less secure than a mixture of upper and lower, with
> or without digits?  The message also suggests the use of "control
> characters."  Does that mean I could use ^C or ^Z?  What's the deal?
>

You can't tell about the password case by looking at the encryption
sequence...however, using mixed case makes brute force cracking
muchmuchmuch more difficult.

Imagine if your password was a simple dictionary word...such as
"password".  You could blow through a dictionary attack pretty
quickly...but, if your password was "PaSSwOrD", you'd have to try every
dictionary word with every case combination possible...thus making the
password that much more resistant to brute force cracking.
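
The counting behind this argument, as an added example that is not part of the original message: it compares how many candidates a dictionary search or an exhaustive search has to cover for all-lower-case versus mixed-case passwords. The word list, the function names and the four character classes are assumptions made for illustration.

```python
import string

# Constructed sample word list standing in for a guessing dictionary (assumption).
SAMPLE_WORDS = ["password", "netbsd", "letmein1", "dragon"]

# Character classes used to estimate the alphabet a password is drawn from
# (assumption: printable ASCII only, control characters not counted).
CLASSES = [
    string.ascii_lowercase,   # 26
    string.ascii_uppercase,   # 26
    string.digits,            # 10
    string.punctuation,       # 32
]


def case_variants(word):
    """Distinct upper/lower spellings of a word: a factor of 2 per cased letter."""
    cased = sum(1 for ch in word if ch.lower() != ch.upper())
    return 2 ** cased


def dictionary_guesses(words, mixed_case):
    """Candidates needed to cover every word, with or without every case pattern."""
    if not mixed_case:
        return len(words)
    return sum(case_variants(w) for w in words)


def alphabet_size(password):
    """Size of the smallest union of character classes that contains the password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def keyspace(password):
    """Exhaustive-search candidates for this length and alphabet."""
    return alphabet_size(password) ** len(password)


if __name__ == "__main__":
    for pw in ("password", "PaSSwOrD", "PaSSw0rD"):
        print(f"{pw}: alphabet={alphabet_size(pw)} keyspace={keyspace(pw):,}")
    print("dictionary, lower case only:", dictionary_guesses(SAMPLE_WORDS, False))
    print("dictionary, every case mix: ", dictionary_guesses(SAMPLE_WORDS, True))
```

Mixing case multiplies the work per dictionary word by 2 for each letter, so an eight-letter word costs 256 candidates instead of 1; the word itself is still in the dictionary.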