
Re: why compression doesn't perfectly even out entropy



On Wed, 17 Apr 1996, Mark Rogaski wrote:

> 
> Is it possible to find a percentage of the key space to eliminate that
> will optimize security assuming that the attacker will try the easy
> stuff first (and is it possible to quantify "easy stuff")?

Hmmm- I think this could be interesting to study; if we treat the space 
of possible passwords as a non-uniform probability distribution 
(Zipfian?), and then transform it in such a way to be uniform (by 
having the probability of certain passwords being disqualified be 
based on their relative probability), it should be possible to get a 
situation where all passwords are possible, and all have equal probability.
This gives optimum security (I think). Of course there's then the game 
theory assumption that the attacker will know about this and try passwords 
randomly; if they instead attack passwords with a non-random approach, 
the optimum passwords will be tuned to their attack strategy, unless they 
know you're tuning to their attack in which case they will tune their 
attack to your [stack overflow - bus error, core dumped]

 Interesting exercise.


>   Mark Rogaski    | Why read when you can just sit and |      Member
>   System Admin    |         stare at things?           | Programmers Local
>   GTI GlobalNet   | Any expressed opinions are my own  |     # 0xfffe
> [email protected] | unless they can get me in trouble. |     APL-CPIO

"There is power in a packet, power in a LAN
Power in the hands of the hacker,
But it all amounts to nothing if together we don't stand
There is power in a UNIX
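
The flattening idea in the message above, worked through as an added example that is not part of the original post: a chosen password is kept with probability p_min / p_i, which makes every surviving password equally likely. The Zipf model with exponent 1, the 1000-password space and all function names are assumptions made for illustration.

```python
import math
from fractions import Fraction

def zipf(n, s=1):
    """Constructed model: P(password of rank r) proportional to 1/r**s."""
    weights = [Fraction(1, r ** s) for r in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]

def acceptance(p):
    """Keep a chosen password with probability p_min / p_i (rejection sampling)."""
    p_min = min(p)
    return [p_min / p_i for p_i in p]

def filtered(p, accept):
    """Distribution over passwords that survive the filter, plus the acceptance rate."""
    mass = [p_i * a_i for p_i, a_i in zip(p, accept)]
    rate = sum(mass)
    return [m / rate for m in mass], rate

def min_entropy_bits(p):
    """Bits of min-entropy: how likely the attacker's best single guess is."""
    return -math.log2(float(max(p)))

def expected_guesses(p):
    """Mean guesses for an attacker who tries the most probable passwords first."""
    ordered = sorted(p, reverse=True)
    return sum(i * p_i for i, p_i in enumerate(ordered, start=1))

if __name__ == "__main__":
    n = 1000
    before = zipf(n)
    after, rate = filtered(before, acceptance(before))
    for label, dist in (("unfiltered", before), ("filtered", after)):
        print(f"{label:10s} min-entropy {min_entropy_bits(dist):5.2f} bits, "
              f"expected guesses {float(expected_guesses(dist)):7.1f}")
    print(f"users must pick {float(1 / rate):.2f} times on average to get one accepted")
```

The filtered distribution is uniform only as far as the assumed model matches how users actually choose passwords.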