From: Simon Spero <ses@tipper.oit.unc.edu>
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: 9163f2c50ee45d64b560162b8f689485f6dce164c0171d6162ec7f5e60e3034a
Message ID: <Pine.SOL.3.91.960417173232.3025G-100000@chivalry>
Reply To: <199604172037.QAA17212@apollo.gti.net>
UTC Datetime: 1996-04-18 09:02:09 UTC
Raw Date: Thu, 18 Apr 1996 17:02:09 +0800
From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Thu, 18 Apr 1996 17:02:09 +0800
To: Cypherpunks <cypherpunks@toad.com>
Subject: Re: why compression doesn't perfectly even out entropy
In-Reply-To: <199604172037.QAA17212@apollo.gti.net>
Message-ID: <Pine.SOL.3.91.960417173232.3025G-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain
On Wed, 17 Apr 1996, Mark Rogaski wrote:
>
> Is it possible to find a percentage of the key space to eliminate that
> will optimize security assuming that the attacker will try the easy
> stuff first (and is it possible to quantify "easy stuff")?
Hmmm- I think this could be interesting to study; if we treat the space
of possible passwords as a non-uniform probability distribution
(Zipfian?), and then transform it in such a way to be uniform (by
having the probability of certain passwords being disqualified be
based on their relative probability it should be possible to get a
situation where all passwords are possible, and all have equal probability.
This gives optimum security ( I think). Of course there's then the game
theory assumption that the attacker will know about this and try paswords
randomly; if they instead attack passwords with a non-random approach,
the optimum passwords will be tuned to their attack strategy, unless they
know you're tuning to their attack in which case they will tune their
attack to your [stack overflow - bus error, core dumped]
Interesting exercise.
> Mark Rogaski | Why read when you can just sit and | Member
> System Admin | stare at things? | Programmers Local
> GTI GlobalNet | Any expressed opinions are my own | # 0xfffe
> wendigo@pobox.com | unless they can get me in trouble. | APL-CPIO
"There is power in a packet, power in a LAN
Power in the hands of the hacker,
But it all amounts to nothing if together we don't stand
There is power in a UNIX
Return to April 1996
Return to “Simon Spero <ses@tipper.oit.unc.edu>”