Depends whether its a unicode or ascii string... BlitMax strings are Unicode, which means they use 2 bytes (16 bits) to store every character, as oppose to the older ASCII strings which only require 1 (8 bits).
As such, if you are using a BlitzMax string to represent a 256-bit passcode, you could argue, that you should use:
256/16 = 16 Unicode Characters
However, you could argue that for pass-codes, you will only be using the ASCII character set anyway, and so it would be more sensible to use 32 ASCII characters as it would be more secure with a smaller range of character values.
|