From: Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com
Date: Sat, 20 Apr 1996 04:48:14 +0800
To: cypherpunks@toad.com
Subject: Re: Spaces in passwords
Message-ID: <9604191931.AA4559@>
MIME-Version: 1.0
Content-Type: text/plain


>>Of course not. In a normal Unix password, adding spaces to the
>>password search space increases the search space, so it necessarily
>>makes the search harder.
>
>Depends on the space of ideas that are leading to your passwords.
>If the reason you're adding spaces is to separate an n-character word
>from the dictionary from a 7-n character word from the dictionary,
>this reduces the search space for a cracker considerably.
>At least pick random punctuation instead.

Huh?  I don't follow your reasoning.

If you use two random words, the search space for a dictionary attack
with an N word dictionary is N^2.  That's true whether you include a space
or leave it out.  If you use "random punctuation" and the punctuation
character is unknown, you add perhaps a factor 20, which is so much smaller
than N that it isn't worth arguing about.

Two-word passphrases are pretty good, and if you feel uncomfortable
with an N^2 work factor, use three words to get N^3.  That's a much bigger
win than talking about random punctuation characters.

 paul

!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning@isd.3com.com  or  paul_koning@3mail.3com.com
! Pgp:   27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink.  It can make you shoot at tax collectors
!  -- and miss!"
!                -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
!                   in "Time Enough for Love"