1996-07-16 - Re: Word lists for passphrases
Header Data
From: David Sternlight <david@sternlight.com>
To: cypherpunks@toad.com
Message Hash: bc21cea81ce1e608c8cf574401ae5b2d457a8d6100037fc6d3a519e494005ceb
Message ID: <v03007605ae102f6372e6@[192.187.162.15]>
Reply To: <199607150749.AAA07579@toad.com>
UTC Datetime: 1996-07-16 05:43:41 UTC
Raw Date: Tue, 16 Jul 1996 13:43:41 +0800
Raw message
From: David Sternlight <david@sternlight.com>
Date: Tue, 16 Jul 1996 13:43:41 +0800
To: cypherpunks@toad.com
Subject: Re: Word lists for passphrases
In-Reply-To: <199607150749.AAA07579@toad.com>
Message-ID: <v03007605ae102f6372e6@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain
At 12:45 AM -0700 7/15/96, Bill Stewart wrote:
>At 09:43 PM 7/8/96 -0700, you wrote:
>>If the purpose is for use with "Crack" or some similar program, it might be
>>better than you would think. You won't get the "unusual" words, but you
>>will also get the words in common usage that do not appear in dictionaries.
>>(Such as fnord, jedi, killfile, and the like...)
>
>"fnord" is in _my_ dictionary - can't you find it in yours? :-)
>
>
>
>>Another thing to look for when choosing dictionaries/wordlists for crack is
>>not sticking to english. If you have a userbase that is known to have a
>>certain percentage of people of a non-english background, you will want to
>>find lists of words from that background. (I had a sysadmin asking me about
>>Yiddish and Hebrew wordlists for just that reason.) These can be a bit
>>harder. (Especially for unusual languages.)
>
>Grady Ward has his Moby Words databases with some of this kind of information.
>In addition to the usual sets of languages, it's useful to include any
>available lexicons of Elvish, Klingon, Unix, and other popular
>hacker-languages,
It is pretty easy to defend against dictionary attacks by using an expanded
character set--mixed caps and lower case; numbers substituted for some
letters according to easily-remembered personal rules.
"Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the
"v" is a roman numeral 5. Another is the "Compuserve method" of inserting
punctuation characters between words making up a password or key. Since the
length of the words used is unknown to the cracker, this makes his job
harder.
That is--a dictionary which accomodates such things as the above will be
pretty large. With the number rule, there would have to be 10 additional
versions of the one-letter word, 10 versions of each leading character
making up a two letter word, and then it starts increasing combinatorially.
Might as well use brute force.
David
Thread
Return to July 1996
- Return to “Bill Stewart <stewarts@ix.netcom.com>”
- Return to “Christian Wettergren <cwe@it.kth.se>”
Return to “David Sternlight <david@sternlight.com>”
- 1996-07-15 (Mon, 15 Jul 1996 19:08:07 +0800) - Re: Word lists for passphrases - Bill Stewart <stewarts@ix.netcom.com>
- 1996-07-16 (Tue, 16 Jul 1996 13:43:41 +0800) - Re: Word lists for passphrases - David Sternlight <david@sternlight.com>
- 1996-07-16 (Tue, 16 Jul 1996 20:53:24 +0800) - Re: Word lists for passphrases - Christian Wettergren <cwe@it.kth.se>
- 1996-07-16 (Tue, 16 Jul 1996 13:43:41 +0800) - Re: Word lists for passphrases - David Sternlight <david@sternlight.com>