From: kentborg@world.std.com (Kent Borg)
Date: Sat, 2 Jul 94 12:52:19 PDT
To: cypherpunks@toad.com
Subject: Re: Password Difficulties
Message-ID: <199407021952.AA21913@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain


ben@Tux.Music.ASU.Edu and joshua@cae.retix.com both suggest ways to
choose passwords/phrases--things no normal person will do.

What do we do about a population which thinks a 4-digit PIN is secure?
If people use their current ATM PINs--and a lot of computer users *do*
when they are allowed--there will be problems: if we want privacy we
had better figure out how to give everyone privacy.

Part of my original post was cribbing from a paper I once read on the
security of crypt on Unix machines.  It talked of multiple
applications of crypt to slow down brute-force password cracking.
Should things like PGP use this technique in protecting the secret
key?  Does a million encryptions equal 10-bits added to the key?
(Assuming the million encryptions cannot be composed into a single
equivalent encryption.)

-kb


--
Kent Borg                                                  +1 (617) 776-6899
kentborg@world.std.com                                
kentborg@aol.com                                      
          Proud to claim 31:15 hours of TV viewing so far in 1994!