From: lcottrell@popmail.ucsd.edu (Lance Cottrell)
Date: Sat, 2 Jul 94 15:51:00 PDT
To: cypherpunks@toad.com
Subject: Re: Password Difficulties
Message-ID: <199407022250.PAA24741@ucsd.edu>
MIME-Version: 1.0
Content-Type: text/plain


I make a point of using at least one non-dictionary word in every passphase
I make. That is one word not from this or any other language. It seems to
me that the inclustion of such a word somewhere in the password is going to
render the dictionary attack useless (since it is not possible to tell when
you are close).
It seems to me that, although I can not prove it, one does not have to
introduce may non-dictionary elements before a simple brute force becomes
simpler than a dictionary attack. How does one exploit the 1 bit per
character of english, if it is not known what parts of the phrase (if any)
are in standard english?

--------------------------------------------------
Lance Cottrell  who does not speak for CASS/UCSD
loki@nately.ucsd.edu
PGP 2.3 key available by finger or server.

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche