1994-07-02 - Re: Password Difficulties

Header Data

From: lcottrell@popmail.ucsd.edu (Lance Cottrell)
To: cypherpunks@toad.com
Message Hash: d1bad9ee9c315d1dd2e33bf8ae87d716779f981bda586659ec2ad87a86b2bc39
Message ID: <199407022250.PAA24741@ucsd.edu>
Reply To: N/A
UTC Datetime: 1994-07-02 22:51:00 UTC
Raw Date: Sat, 2 Jul 94 15:51:00 PDT

Raw message

From: lcottrell@popmail.ucsd.edu (Lance Cottrell)
Date: Sat, 2 Jul 94 15:51:00 PDT
To: cypherpunks@toad.com
Subject: Re: Password Difficulties
Message-ID: <199407022250.PAA24741@ucsd.edu>
MIME-Version: 1.0
Content-Type: text/plain


I make a point of using at least one non-dictionary word in every passphase
I make. That is one word not from this or any other language. It seems to
me that the inclustion of such a word somewhere in the password is going to
render the dictionary attack useless (since it is not possible to tell when
you are close).
It seems to me that, although I can not prove it, one does not have to
introduce may non-dictionary elements before a simple brute force becomes
simpler than a dictionary attack. How does one exploit the 1 bit per
character of english, if it is not known what parts of the phrase (if any)
are in standard english?

--------------------------------------------------
Lance Cottrell  who does not speak for CASS/UCSD
loki@nately.ucsd.edu
PGP 2.3 key available by finger or server.

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche







Thread