
Re: Word lists for passphrases



At 5:33 PM 7/15/96, David Sternlight wrote:

>It is pretty easy to defend against dictionary attacks by using an expanded
>character set--mixed caps and lower case; numbers substituted for some
>letters according to easily-remembered personal rules.
>
>"Da5id" in "Snow Crash" by Neal Stephenson is an obvious example, since the
>"v" is a roman numeral 5. Another is the "Compuserve method" of inserting
>punctuation characters between words making up a password or key. Since the
>length of the words used is unknown to the cracker, this makes his job
>harder.
>
>That is--a dictionary which accommodates such things as the above will be
>pretty large. With the number rule, there would have to be 10 additional
>versions of the one-letter word, 10 versions of each leading character
>making up a two letter word, and then it starts increasing combinatorially.
>Might as well use brute force.

In a "universe" of n-character passwords, whatever length n is, the use of
English, German, Elvish, Klingon, whatever words can be looked at as
"galaxies."

(That is, clusters in an otherwise uniform space.)

Thus, "David" is one of the galaxies, and "Da5id," "david," "Daphid," etc.
are just some of the stars in this galaxy of "nearby" strings.

Calculations of entropy and all. Be very careful.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
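
The "galaxy" picture above can be put into numbers. The following is an added example, not part of the original message: it counts the strings reachable from a dictionary word by case changes and look-alike substitutions and compares the resulting entropy bound with a uniformly random string of the same length. The substitution table, the 65,536-word list size and all function names are assumptions made for illustration; phonetic variants such as "Daphid" are outside this simple model.

```python
import math

# Constructed look-alike table (an assumption, not from the thread):
# each letter maps to the digits/symbols a user might swap in for it.
SUBS = {"a": "4@", "e": "3", "i": "1!", "l": "1", "o": "0",
        "s": "5$", "t": "7", "v": "5"}

def galaxy_size(word):
    """Count strings reachable from `word` when every position may be
    lower case, upper case, or one of its look-alike substitutes."""
    size = 1
    for ch in word.lower():
        options = 2 if ch.isalpha() else 1       # lower or upper case
        options += len(SUBS.get(ch, ""))         # plus substitutes
        size *= options
    return size

def in_galaxy(candidate, word):
    """True if `candidate` is `word` under the same per-position rules,
    i.e. a password checker should treat it as a dictionary hit."""
    if len(candidate) != len(word):
        return False
    for c, w in zip(candidate, word.lower()):
        if c.lower() != w and c not in SUBS.get(w, ""):
            return False
    return True

def dictionary_bits(n_words, typical_word):
    """Entropy bound in bits: pick one of `n_words` words uniformly,
    then one star in its galaxy uniformly (galaxy sized like
    `typical_word`). Real user choices are less uniform, so real
    entropy is lower than this bound."""
    return math.log2(n_words * galaxy_size(typical_word))

def uniform_bits(length, alphabet=94):
    """Entropy in bits of a uniformly random printable-ASCII string."""
    return length * math.log2(alphabet)

if __name__ == "__main__":
    print("stars around 'david':", galaxy_size("david"))
    print("Da5id is a hit:", in_galaxy("Da5id", "david"))
    print("word list + mangling: %.1f bits" % dictionary_bits(65536, "david"))
    print("uniform 5 characters: %.1f bits" % uniform_bits(5))
```

Under these assumptions the mangled word list stays roughly nine bits short of a uniformly random five-character string, which is the clustering the "galaxies" remark points at.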