This question is about password security.

a) Explain why many services and organisations require users to include numbers and special characters in passwords. (3 marks)

b) Assuming all users would choose random bit-strings as passwords (i.e. random passwords randomly generated by a password safe), discuss whether the mandatory inclusion of numbers and special characters increases security or not. Marks will only be given for a correct discussion and not for yes/no answers. (4 marks)

c) Proof your point from b) mathematically under the following simple assumptions: passwords must be exactly 10 characters long where each character is encoded as 1 byte, all 256 possible character values are accepted in passwords, and the password policy is that one of these characters must be a digit (0-9). (5 marks)