From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 18 Apr 1996 17:02:09 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604172037.QAA17212@apollo.gti.net>
Message-ID: <Pine.SOL.3.91.960417173232.3025G-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 17 Apr 1996, Mark Rogaski wrote:

> 
> Is it possible to find a percentage of the key space to eliminate that
> will optimize security assuming that the attacker will try the easy
> stuff first (and is it possible to quantify "easy stuff")?

Hmmm- I think this could be interesting to study; if we treat the space 
of possible passwords as a non-uniform probability distribution 
(Zipfian?), and then transform it in such a way to be uniform (by 
having the probability of certain passwords being disqualified be 
based on their relative probability it should be possible to get a 
situation where all passwords are possible, and all have equal probability.
This gives optimum security ( I think). Of course there's then the game 
theory assumption that the attacker will know about this and try paswords 
randomly; if they instead attack passwords with a non-random approach, 
the optimum passwords will be tuned to their attack strategy, unless they 
know you're tuning to their attack in which case they will tune their 
attack to your [stack overflow - bus error, core dumped]

 Interesting exercise.


>   Mark Rogaski    | Why read when you can just sit and |      Member
>   System Admin    |         stare at things?           | Programmers Local
>   GTI GlobalNet   | Any expressed opinions are my own  |     # 0xfffe
> wendigo@pobox.com | unless they can get me in trouble. |     APL-CPIO

"There is power in a packet, power in a LAN
Power in the hands of the hacker,
But it all amounts to nothing if together we don't stand
There is power in a UNIX