Re: why compression doesn't perfectly even out entropy
On Wed, 17 Apr 1996, Mark Rogaski wrote:
>
> Is it possible to find a percentage of the key space to eliminate that
> will optimize security assuming that the attacker will try the easy
> stuff first (and is it possible to quantify "easy stuff")?
Hmmm- I think this could be interesting to study; if we treat the space
of possible passwords as a non-uniform probability distribution
(Zipfian?), and then transform it in such a way to be uniform (by
having the probability of certain passwords being disqualified be
based on their relative probability) it should be possible to get a
situation where all passwords are possible, and all have equal probability.
This gives optimum security (I think). Of course there's then the game
theory assumption that the attacker will know about this and try passwords
randomly; if they instead attack passwords with a non-random approach,
the optimum passwords will be tuned to their attack strategy, unless they
know you're tuning to their attack in which case they will tune their
attack to your [stack overflow - bus error, core dumped]
Interesting exercise.
> Mark Rogaski | Why read when you can just sit and | Member
> System Admin | stare at things? | Programmers Local
> GTI GlobalNet | Any expressed opinions are my own | # 0xfffe
> [email protected] | unless they can get me in trouble. | APL-CPIO
"There is power in a packet, power in a LAN
Power in the hands of the hacker,
But it all amounts to nothing if together we don't stand
There is power in a UNIX
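
The flattening idea in the reply above, worked through as an added example that is not part of the original post: each password is disqualified with a probability tied to its relative probability, and the surviving distribution comes out uniform. The Zipf exponent of 1, the 1000-password space, and the assumption that a rejected user simply picks again from the same distribution are all constructed for illustration.

```python
import math
from fractions import Fraction

def zipf(n, s=1):
    """Constructed model of user choice: P(rank k) proportional to 1/k**s."""
    weights = [Fraction(1, k ** s) for k in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]

def accept_probs(p):
    """Probability the system accepts password i: p_min / p_i.
    The most popular choice is almost always refused, the rarest never is."""
    p_min = min(p)
    return [p_min / pi for pi in p]

def after_filter(p, accept):
    """Distribution of accepted passwords, assuming rejected users re-pick
    independently. Also returns the fraction of first picks accepted."""
    kept = [pi * a for pi, a in zip(p, accept)]
    rate = sum(kept)
    return [k / rate for k in kept], rate

def min_entropy_bits(p):
    """Bits of security against an attacker's single best guess."""
    return -math.log2(max(p))

def expected_guesses(p):
    """Mean number of guesses when the attacker tries most-likely-first."""
    ordered = sorted(p, reverse=True)
    return sum(i * pi for i, pi in enumerate(ordered, 1))

def report(n=1000):
    p = zipf(n)
    q, rate = after_filter(p, accept_probs(p))
    return {
        "accept_rate": float(rate),
        "min_entropy_before": min_entropy_bits(p),
        "min_entropy_after": min_entropy_bits(q),
        "guesses_before": float(expected_guesses(p)),
        "guesses_after": float(expected_guesses(q)),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:20s} {value:.3f}")
```

Under these assumptions the filter raises min-entropy from about 2.9 to about 10 bits, at the cost of refusing roughly 87% of first picks.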