From: kentborg@world.std.com (Kent Borg)
To: cypherpunks@toad.com
Message Hash: 2f9371fa4b6e37d9e6c88fd8f2ba1615445eeca8adb3b85916212de9363e528b
Message ID: <199407021952.AA21913@world.std.com>
Reply To: N/A
UTC Datetime: 1994-07-02 19:52:19 UTC
Raw Date: Sat, 2 Jul 94 12:52:19 PDT
From: kentborg@world.std.com (Kent Borg)
Date: Sat, 2 Jul 94 12:52:19 PDT
To: cypherpunks@toad.com
Subject: Re: Password Difficulties
Message-ID: <199407021952.AA21913@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain
ben@Tux.Music.ASU.Edu and joshua@cae.retix.com both suggest ways to
choose passwords/phrases--things no normal person will do.
What do we do about a population which thinks a 4-digit PIN is secure?
If people use their current ATM PINs--and a lot of computer users *do*
when they are allowed--there will be problems: if we want privacy we
had better figure out how to give everyone privacy.
Part of my original post was cribbing from a paper I once read on the
security of crypt on Unix machines. It talked of multiple
applications of crypt to slow down brute-force password cracking.
Should things like PGP use this technique in protecting the secret
key? Does a million encryptions equal 10-bits added to the key?
(Assuming the million encryptions cannot be composed into a single
equivalent encryption.)
-kb
--
Kent Borg +1 (617) 776-6899
kentborg@world.std.com
kentborg@aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!
Return to July 1994
Return to “tcmay@netcom.com (Timothy C. May)”