Not having the computer echo the password is safer than having it echo an asterisk for each character typed, since the latter discloses the password length to anyone nearby who can see the screen. Assuming that passwords consist of upper and lower case letters and digits only, and that passwords must be a minimum of five characters and a maximum of eight characters, how much safer is not displaying anything?

Answer:

Up to 99.99958% safer

Explanation:

Assuming the attacker knows the password restrictions (upper and lower case letters and digits only)

Let's calculate the password combinations for each possible length:

Total characters possible: [a-z]+[A-Z]+[0-9] = 62

(A) Passwords of length = 8  ->  [tex]62^8=218,340,105,584,896[/tex]

(B) Passwords of length = 7  ->  [tex]62^7=3,521,614,606,208[/tex]

(C) Passwords of length = 6  ->  [tex]62^6=56,800,235,584[/tex]

(D) Passwords of length = 5  ->  [tex]62^5=916,132,832[/tex]

If length is not known, but between 5 and 8:

(E) Passwords of length = [5-8] ->  

[tex]\sum_{n=5}^{8} 62^{n} = \frac{62^9-62^5}{62-1}=221,919,436,559,520[/tex]

Finally, to compare how much safer it is to keep the password length hidden, we'll calculate the percentage of (A) to (D) passwords against (E).

The formulas are:  

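[tex]\left(1-\frac{(A)}{(E)}\right) \times 100 = 1.61\%\ \text{safer}[/tex]

[tex]\left(1-\frac{(B)}{(E)}\right) \times 100 = 98.41\%\ \text{safer}[/tex]

[tex]\left(1-\frac{(C)}{(E)}\right) \times 100 = 99.97\%\ \text{safer}[/tex]

[tex]\left(1-\frac{(D)}{(E)}\right) \times 100 = 99.99958\%\ \text{safer}[/tex]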
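The same comparison as an added Python example (not part of the original answer), generalized to any alphabet size and length range. The function names are assumptions, and the extra `bits_leaked` column, which expresses the same ratio as bits of information revealed by the length, is an addition to the answer's percentages.

```python
from fractions import Fraction
from math import log2


def keyspace(alphabet: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length


def length_leak_table(alphabet: int, min_len: int, max_len: int):
    """Compare the search space when the length is known vs. hidden.

    Returns (total, rows): `total` is the number of candidates when only
    the allowed range is known; each row describes one revealed length.
    """
    if alphabet < 2 or not 1 <= min_len <= max_len:
        raise ValueError("need alphabet >= 2 and 1 <= min_len <= max_len")

    per_length = {n: keyspace(alphabet, n) for n in range(min_len, max_len + 1)}
    total = sum(per_length.values())

    # Cross-check against the geometric-series closed form used in the answer.
    closed = (alphabet ** (max_len + 1) - alphabet ** min_len) // (alphabet - 1)
    if total != closed:
        raise ArithmeticError("closed form disagrees with direct sum")

    rows = []
    for n, count in per_length.items():
        share = Fraction(count, total)  # exact ratio, no float rounding
        rows.append({
            "length": n,
            "known": count,                         # candidates if length is seen
            "hidden": total,                        # candidates if length is hidden
            "reduction_pct": float((1 - share) * 100),
            "bits_leaked": log2(total) - log2(count),
        })
    return total, rows


if __name__ == "__main__":
    # 62 = [a-z] + [A-Z] + [0-9]; lengths 5..8 as stated in the question.
    total, rows = length_leak_table(62, 5, 8)
    print(f"length hidden: {total:,} candidates")
    for r in rows:
        print(f"length {r['length']}: {r['known']:,} candidates, "
              f"{r['reduction_pct']:.5f}% smaller, "
              f"{r['bits_leaked']:.2f} bits leaked")
```
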
