From: Mark Rogaski <wendigo@gti.net>
To: hoz@univel.telescan.com (rick hoselton)
Message Hash: 6cc43e69a42861c9349deff637803fb6222dc6204a2805a8b7ddcdf6be6438da
Message ID: <199604172037.QAA17212@apollo.gti.net>
Reply To: <199604171558.IAA02972@toad.com>
UTC Datetime: 1996-04-18 02:35:28 UTC
Raw Date: Thu, 18 Apr 1996 10:35:28 +0800
Subject: Re: why compression doesn't perfectly even out entropy
MIME-Version: 1.0
Content-Type: text
-----BEGIN PGP SIGNED MESSAGE-----
An entity claiming to be rick hoselton wrote:
:
: Another example: What if I selected a nonsense passphrase,
: "Dagmar shaved Howard's cocker spaniel" Not great, but adequate for my needs.
: If, by some wild coincidence, a book by that title became a best seller, I would
: change my passphrase. A cryptanalyst who knew that was my feeling could simplify
: his cracking by not bothering to search for best selling book titles. On the other
: hand, a cryptanalyst who was not so convinced of my paranoia, and who DID check
: book titles, would not find my passphrase. I assume that BOTH philosophies
: would be used in a serious attack. When I do the math, it says that, assuming
: BOTH types of attack are done, it is better to have a passphrase that is not
: the title of a book.

By the same token, an admin who runs crack on /etc/passwd to weed out poor
passwords isn't going to be faulted for reducing the key space for users'
passwords. The question is, how much of the keyspace should be eliminated
as "obviously a poor choice"?

Also, how much of this falls under "security through obscurity"? If an
attacker knows what you omit ... his/her job is a bit easier.

Is it possible to find a percentage of the key space to eliminate that
will optimize security assuming that the attacker will try the easy
stuff first (and is it possible to quantify "easy stuff")?

- --
Mark Rogaski | Why read when you can just sit and | Member
System Admin | stare at things? | Programmers Local
GTI GlobalNet | Any expressed opinions are my own | # 0xfffe
wendigo@pobox.com | unless they can get me in trouble. | APL-CPIO
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMXVWfQ0HmAyu61cJAQHltwP8Coe0i13a7NtFRYlCBdt1AEVEbz9jQhLp
6WPqGc80ETo8knHZAPVFP6ae1MmHYfbWhOY0y7I/Cv4kN8Smmu6mwIeYsuPRjCl9
ODK6qDUX1CcQX74t4ZvkTL2Umsnvwchvl1wHnaINGtud9C6nVREf34880vmJsYrl
5vsRJ1wo5Ng=
=zY9A
-----END PGP SIGNATURE-----
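
The closing question can be put into numbers under a simple model. The following is an added example, not part of the original message: it assumes candidates are ranked by popularity, that users whose choice is rejected re-pick among the rest in proportion, and that the attacker knows the ban list and guesses the remainder in popularity order. The Zipf weights and the names `zipf`, `attacker_success` and `best_ban` are assumptions made for illustration.

```python
from itertools import accumulate


def zipf(n, s=1.0):
    """Assumed popularity model: the rank-r candidate has weight 1/r**s."""
    return [1.0 / rank ** s for rank in range(1, n + 1)]


def attacker_success(weights, banned, budget):
    """Chance of cracking one password within `budget` guesses.

    weights: relative popularity per candidate, most popular first.
    banned:  the admin rejects the `banned` most popular candidates; users
             who wanted one re-pick among the rest in proportion (assumed).
    The attacker knows the ban list and guesses the rest by popularity.
    """
    prefix = [0.0, *accumulate(weights)]
    last = min(banned + budget, len(weights))
    return (prefix[last] - prefix[banned]) / (prefix[-1] - prefix[banned])


def best_ban(weights, budget):
    """Return (k, p): the ban size k that minimises attacker success p."""
    candidates = range(max(1, len(weights) - budget + 1))
    scored = ((attacker_success(weights, k, budget), k) for k in candidates)
    p, k = min(scored)
    return k, p


if __name__ == "__main__":
    budget = 10
    for name, weights in (("uniform", [1.0] * 1000), ("zipf", zipf(1000))):
        k, p = best_ban(weights, budget)
        base = attacker_success(weights, 0, budget)
        print(f"{name}: no ban {base:.4f}, best ban k={k} -> {p:.4f}")
```

In this model, when choices are uniform every ban only shrinks the space the attacker must search, while a skewed distribution has an optimum strictly between banning nothing and banning almost everything.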