Security Basics mailing list archives
Re: AW: ADS Password Storage Protection
From: Joe Barr <joe () pjprimer com>
Date: Fri, 21 Jul 2006 11:49:14 -0500
On Thu, 2006-07-20 at 08:25 +0200, Christian.Assfalg () bc boehringer-ingelheim com wrote:
What you say is true, length increases the maximum number of possible passwords far more than a greater number of base characters. That is statistical mathematics. However, it assumes that the characters are not dependant on the other characters, which is not always the case. That's why dictionary attacks work so fine. You can substitute a number of characters (say 4) with all possible 4-character-long words. That reduces your complexity quite a bit. A passphrase of 8 words with 5 characters each does not translate to 24^40 possibilities, but rather to (whatever-the-number-of-5-character-words-in-english-is)^8. In a dictionary attack, you can use this to significantly reduce the number of tries you have to try.
I'm not following this. A dictionary attack will be of no use against a passphrase of 8 words, will it? --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- AW: ADS Password Storage Protection Christian . Assfalg (Jul 21)
- <Possible follow-ups>
- AW: ADS Password Storage Protection Christian . Assfalg (Jul 21)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 21)
- Re: ADS Password Storage Protection Ansgar -59cobalt- Wiechers (Jul 24)
- Re: ADS Password Storage Protection Michael Rice (Jul 25)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 25)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 21)
- Re: AW: ADS Password Storage Protection Joe Barr (Jul 21)
- RE: ADS Password Storage Protection Roger A. Grimes (Jul 24)
- AW: ADS Password Storage Protection Christian . Assfalg (Jul 21)