Derive an algorithm for computing the number of restricted passwords for the general case?

3,155

The algorithm is here derived for the case that the password is required to have at least one character from each of the 4 character groups. The derivation is essentially the same for the cases of one , two, and three character groups. Disjoint subsets of the passwords meeting this requirement are defined by the order in which the first appearance of characters from group $G_i$ for i=1 to 4 occurs in the password scanning from left to right. For example a character from $G_3$ could appear first followed by $G_1$ followed followed by $G_4$ followed by $G_2$. Or $G_2$ could appear first followed by $G_1$ followed by $G_4$ followed by $G_3$. There are 4! = 24 of these disjoint subsets formed by all the permutations in the order of appearance. These subsets are definitely disjoint; a password with one order of first appearance of character from the groups $G_4$ is different from a password with a different order. Also the union of these disjoint subsets is equal to the set of all passwords meeting the requirement that it have at least one character from $G_1,$ $G_2,$ $G_3,$ and $G_4$ since any password meeting this requirement must have some order of first appearance of characters from these groups.

Therefore we can sum the number of passwords in each of these disjoint subsets and get the total number of passwords meeting the requirement.

Before summing the passwords in each of these 4! disjoint subsets, it is necessary to generate the 4! permutations of $\{1 \,2 \,3 \,4\}.$ These 4! permutations correspond to the 4! permutations of $\{G_1 \,G_2 \,G_3 \,G_4\}.$ This could be done manually but it is faster to use a computer algorithm. The algorithm used is what Donald E. Knuth calls "METHOD 1" on page 44 of his 1968 book, "The Art of Computer Programming: Volume 1, Fundamental Algorithms". Starting with the 2! = 2 permutations of 1 and 2, METHOD 1 is used to generate the 3! = 6 permutations of 3 groups. Applying it again gives the 4! = 24 permutations of 4 groups order of first appearance. The number of passwords in each of these 24 disjoint subsets can be summed as shown below to obtain the total number of passwords meeting the requirement. Using Knuth's method 1 to generate the n! permutations of the first n positive integers involves inserting n before each integer in a permutation of the first (n-1) integers and after the last integer in that permutation thereby generating n permutations of the first n integers. This is done for each of the (n-1)! permutations of the first (n-1) integers. There are thus $n(n-1)!\,=\,n!$ permutations of the first n integers generated. For example if we start with the two permutations of 1 and 2, $\{1\,2\}$ and $\{2\,1\}$ and insert 3 before each of the integers and after the last integer in the first permutation of 1 and 2 we get the three permutations $\{3\,1\,2\}$, $\{1\,3\,2\}$, and $\{1\,2\,3\}$. Doing the same for the second permutation of 1 and 2 we get the three permutations $\{3\,2\,1\}$, $\{2\,3\,1\}$, and $\{2\,1\,3\}$. These are clearly the six permutations of 1, 2, and 3.

The 4! permutations are now numbered from 1 to 24. It doesn't matter how the permutations are numbered so long as exactly one integer from 1 to 24 is assigned to each of the permutations. Now let $I_k$ denote permutation with number k. Since $I_k,$ corresponds to one of the 4! permutations of 1, 2, 3, and 4, it also corresponds to a permutation of the groups, $G_1,$ $G_2,$ $G_3,$ and $G_4$. $I_k$ is a 1 x 4 array with elements, $I_k[1],$ $I_k[2],$ $I_k[3],$ and $I_k[4].$


Let j1, j2, j3, and j4 denote the password position in which the first character from groups $G_{I_k[1]},$ $G_{I_k[2]},$ $G_{I_k[3]},$ and $G_{I_k[4]}$ respectively occur. The values of j1, j2, j3, and j4 are determined by scanning from left to right counting from 1 to n. It is necessary that $$0 \lt j1 \lt j2 \lt j3 \lt j4 \lt (n+1).$$

Now we discuss how to compute the number of passwords, $S(I_k,j1,j2,j3,j4)$, for permutation $I_k$ with password positions j1, j2, j3, and j4. For the case in which $n_t=g1+g2+g3+g4,\,$ j1 must equal one since any character that appears in position one of the password must be from some group. For the more general case it is possible that $n_t>(g1+g2+g3+g4).$ To be more general we allow for this possibility while still providing a solution for the case in which $n_t=g1+g2+g3+g4.$ There are $(n_t-(g1+g2+g3+g4))^{(j1-1)}$ possibilities for the characters before j1 since the charcters before the j1 position would have to be a character not in groups $G_1,$ $G_2,$ $G_3,$ or $G_4$ and there are (j1-1) positions before j1. $(n_t-(g1+g2+g3+g4))^{(j1-1)}$ could be of the form $0^0;$ to allow for this possibility, let
$f1=(n_t-(g1+g2+g3+g4))^{(j1-1)}$ if $(n_t-(g1+g2+g3+g4))>0$ and let
$f1=1$ otherwise.
For the characters at the j1 position, there are $g_{I(1)}$ possibilities. For the characters between the j1 and the j2 position, there are $(n_t-(g_{I(2)}+g_{I(3)}+g_{I(4)}))^{(j2-1-j1)}$ possibilities. This is true since any characters not in the groups $g_{I(2)}$, $g_{I(3)}$, or $g_{I(4)}$ could appear in these positions and because there are (j2-1-j1) positions between the j1 position and the j2 position. For the character in the j2 position, there are $g_{I(2)}$ possibilities. For the characters in the positions between j2 and j3 there are $(n_t-(g_{I(3)}+g_{I(4)}))^{(j3-1-j2)}$ possibilities. This is true since any characters not in the group $g_{I(3)}$, and not in group $g_{I(4)}$ could appear in these positions. And because there are (j3-1-j2) positions between the j2 and j3 position. For the character in the j3 position, there are $g_{I(3)}$ possibilities. For the characters in the positions between j3 and j4 there are $(n_t-g_{I(4)})^{(j4-1-j3)}$ possibilities since any character not in group $g_{I(4)}$ could appear in these positions. And because there are (j4-1-j3) positions between the j3 position and the j4 position. For the character in the j4 position, there are $g_{I(4)}$ possibilities. For the characters following the j4 position, there are $n_t^{(n-j4)}$ possibilities. This will give $n_t^0$ when j4 is the last position in the password but this should evaluate to one causing no problem. Thus the number of passwords for permutation $I_k$ with password positions j1, j2, j3, and j4 is

$$S(I_k,j1,j2,j3,j4)=f1*g_{I(1)}*(n_t-(g_{I(2)}+g_{I(3)}+g_{I(4)}))^{(j2-1-j1)}*g_{I(2)}*(n_t-(g_{I(3)}+g_{I(4)}))^{(j3-1-j2)}*gI_{(3)}*(n_t-g_{I(4)})^{(j4-1-j3)}*g_{I(4)}*n_t^{(n-j4)}$$ .

$$S(I_k)=\sum_{j4=4}^n \sum_{j3=3}^{j4-1} \sum_{j2=2}^{j3-1} \sum_{j1=1}^{j2-1} S(I_k,j1,j2,j3,j4)$$

gives the number of passwords corresponding to permutation, $I_k$.

$$Total=\sum_{k=1}^{24} S(I_k)$$ gives the total number of passwords satisfying the requirement stated at the beginning. Similarly, algorithms can be derived for computing the number of passwords which contain at least one character from one group, at least one character from each of two groups, or at least one character from each of three groups. For the simple case of an unrestricted password, there are $n_t^n$ possible passwords.

Avoid this fallacy

There is a common fallacy in solving this type of problem. It can be demonstrated for the case in which there are $n_t=95$ characters which can be used in an 8 character password which is required to contain at least one of the 26 lower case letters and at least one of the 10 digits.
It is tempting to think that $\frac{8!}{6!}$ permutations times $26*10*95^6$ or $\frac{8!}{6!}*26*10*95^6$ gives the total number of passwords meeting this requirement. But this is incorrect since for example if the first appearance of the lower case letter and the digit are in the second and third positions of the password then there are only $(n_t-26-10)$ choices for the first password position. Therefore it is necessary that something similar to the summing procedure discussed above be used to solve the problem.

Computational Accuracy

When using Fortran with variables of type REAL (KIND=16), that is with real variables using 16 bytes, the accuracy is approximately 33 decimal places. This translates to accurate for passwords of length 16 or less. The number of passwords of length 16 is between $10^{32}$ and $10^{33}$. The number of passwords of length 17 is greater than $10^{33}$.

This concludes the derivation and algorithm description. The numerical results from using the algorithm follow.

In the result which follow, NGROUP denotes the number of characters in the groups, $g_1$, $g_2$, $g_3$, and $g_4$. NTOT denotes the total number of characters which can be used in a password and NPWD denotes the length of a password.

These are the user specified input values. &GROUPS NGROUP= 2*26 , 10, 33, NPWD= 4, NTOT= 95, / The following computations are made for the case of 95 total characters available for use in a password of length 4. Total unrestricted passwords is 0.8145062500000000000E+08. Total passwords required to have at least one character from group with 26 characters is 0.5878350400000000000E+08. Total passwords required to have at least one character from each of groups with 26 and 26 characters is 0.3953518400000000000E+08. Total passwords required to have at least one character from each of groups with 26, 26, and 10 characters is 0.1038336000000000000E+08. Total passwords required to have at least one character from each of groups with 26, 26, 10, and 33 characters is 0.5353920000000000000E+07.
____________________________________

These are the user specified input values. &GROUPS NGROUP= 2*26 , 10, 33, NPWD= 6, NTOT= 95, / The following computations are made for the case of 95 total characters available for use in a password of length 6. Total unrestricted passwords is 0.7350918906250000000E+12. Total passwords required to have at least one character from group with 26 characters is 0.6271737253600000000E+12. Total passwords required to have at least one character from each of groups with 26 and 26 characters is 0.5255769275120000000E+12. Total passwords required to have at least one character from each of groups with 26, 26, and 10 characters is 0.2314970112000000000E+12. Total passwords required to have at least one character from each of groups with 26, 26, 10, and 33 characters is 0.1994790283200000000E+12.
____________________________________

These are the user specified input values. &GROUPS NGROUP= 2*26 , 10, 33, NPWD= 8, NTOT= 95, / The following computations are made for the case of 95 total characters available for use in a password of length 8. Total unrestricted passwords is 0.6634204312890625000E+16. Total passwords required to have at least one character from group with 26 characters is 0.6120405925089456000E+16. Total passwords required to have at least one character from each of groups with 26 and 26 characters is 0.5618295765277624000E+16. Total passwords required to have at least one character from each of groups with 26, 26, and 10 characters is 0.3185644980470160000E+16. Total passwords required to have at least one character from each of groups with 26, 26, 10, and 33 characters is 0.3051925477389360000E+16.
____________________________________

These are the user specified input values. &GROUPS NGROUP= 2*26 , 10, 33, NPWD= 10, NTOT= 95, / The following computations are made for the case of 95 total characters available for use in a password of length 10. Total unrestricted passwords is 0.5987369392383789466E+20. Total passwords required to have at least one character from group with 26 characters is 0.5742749976717899366E+20. Total passwords required to have at least one character from each of groups with 26 and 26 characters is 0.5500291729520164864E+20. Total passwords required to have at least one character from each of groups with 26, 26, and 10 characters is 0.3633617877753681510E+20. Total passwords required to have at least one character from each of groups with 26, 26, 10, and 33 characters is 0.3598646195641078170E+20.
____________________________________

Share:
3,155

Related videos on Youtube

Robert H Biggadike
Author by

Robert H Biggadike

Updated on July 23, 2022

Comments

  • Robert H Biggadike
    Robert H Biggadike over 1 year

    Derive and explain an algorithm for computing the number of possible passwords of length n with requirements on containing characters from four groups as stated in (1) AND (2) below. These four groups could for example be the lower case letters, upper case letters, digits, and a group consisting of punctuation marks & special characters. Call these groups, $G_1,$ $G_2,$ $G_3,$ AND $G_4$ respectively.

    Assume there are $n_t$ ascii characters which can be used in a password of length $n$. Assume that the four groups have $g_1$, $g_2$, $g_3$, and $g_4$ characters respectively. It is required that $n_t$ is at least as large as $(g_1+g_2+g_3+g_4)$. For the case $n_t=95, g_1=26, g_2=26, g_3= 10$, and $g_4=33$, use the algorithm you have derived to

    (1) Compute for a password of length four (i.e. n=4) the number of unrestricted passwords, the number of passwords with at least one character in $G_1,$ the number of passwords with at least one character in each of $G_1$ and $G_2,$ the number of passwords with at least one character from each of $G_1,$ $G_2,$ and $G_3,$ and the number of passwords with at least one character from each of $G_1,$ $G_2,$ $G_3,$ and $G_4$.

    (2) Repeat the calculations in (1) for the case of passwords of length $6$, $8$, and $10$.

    Remember we are looking for an algorithm which can be used for many different cases, not just computations for solving a specific case.

    • Robert H Biggadike
      Robert H Biggadike almost 7 years
      I have attempted to post a solution but I get the error, "This looks like spam". Does anybody know how to solve this "This looks like spam" problem. I set up an HTML file so that it would display MathJax properly. I then wrote out my solution and checked it out so as to eliminate errors before submitting it to Stack Exchange but now they are giving me this spam accusation. I have noticed others saying they couldn't post because they had no place to practice MathJax. Stack Exchange sure makes it hard.
    • mvw
      mvw almost 7 years
      Do not use HTML. The editor will give you hints (question mark icon at the top right) and a link to more help. The markup is not that hard and the formulas use a subset of TeX / LaTeX commands.
    • Robert H Biggadike
      Robert H Biggadike almost 7 years
      Thank you mvw. I finally got my answer submitted by first adding just the first 2 paragraphs, then adding the rest with edits and save edits.
    • Robert H Biggadike
      Robert H Biggadike almost 7 years
      mvw, thank you for changing nt to $n_t$ in the question section. I did the same for the answer section. I think it certainly makes these sections look better. It is truly great to know that at least one other person who has taken enough interest in the post to try to improve it,
    • Robert H Biggadike
      Robert H Biggadike almost 7 years
      Now who was the character or characters who down voted my question and down voted my answer? These people who down vote without giving any reason are completely irresponsible. This is totally disgusting. After I work so hard to pose an interesting question and give an answer to a problem which is more difficult than it appears and then have it down voted is completely unfair. This is just sour grapes on the part of the down voter.
    • Robert H Biggadike
      Robert H Biggadike almost 7 years
      I think the policy of Stack Exchange in allowing anonymous down voting does not result in getting the best quality answers. It results in people casting votes based on whether they like somebody or not rather than the quality of the mathematics. It would be much better if there were discussion as to what one thinks is right or wrong about a post.
    • Robert H Biggadike
      Robert H Biggadike over 6 years
      The solution I have provided below is certainly superior to other solutions on Stack Exchange. The solution I provide is for the general case. Others have struggled to find the solution for one special case. Those who have down voted my solution have been unable to display the IQ required to make an intelligent comment.