Full Disclosure mailing list archives
Re: Diceware method adoption - brute force me if you dare
From: jf <jf () danglingpointers net>
Date: Thu, 13 Mar 2008 02:49:27 +0000 (UTC)
police officers (in the states) wear bullet proof vests because there is a high probability of them getting shot/shot at, do you think that somehow makes it legal? On Wed, 12 Mar 2008, M.B.Jr. wrote:
Date: Wed, 12 Mar 2008 16:15:56 -0300 From: M.B.Jr. <marcio.barbado () gmail com> To: Full-Disclosure mailing list <full-disclosure () lists grok org uk> Subject: [Full-disclosure] Diceware method adoption - brute force me if you dare Dear list, I was studying this passphrase creation method called Diceware: http://world.std.com/~reinhold/diceware.html In it, one rools a common dice five times, write down the results, in a sequential manner, and then check the suggested word in the DICTIONARY they provide. You got that? The method is supposed to give the user the words to use. Say your results were "5;6;1;5;3", then you check their table and the word listed under that number sequence is "sus"; well, that's the (pretty short) word to use in your passphrase. A 46,656 (6^6) word dictionary, publicly available. The method is clearly one bad choice for password creation but it's fairly acceptable for obtaining passphrases and concerning the latter, it assumes that eventual attackers know the referred dictionary, however offering a low guessing probability (high information entropy) for passphrases. Despite the "rite of passage" idea in which the target stops trying to hide and starts expecting attacks as a certainty, my point here is legal. Doesn't adopting the Diceware method in a, say, government corporative environment means legalizing brute force attacks? Yours faithfully,
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Diceware method adoption - brute force me if you dare M . B . Jr . (Mar 12)
- Re: Diceware method adoption - brute force me if you dare jf (Mar 12)
- Re: Diceware method adoption - brute force me if you dare M . B . Jr . (Mar 12)
- Re: Diceware method adoption - brute force me if you dare blah (Mar 12)
- Re: Diceware method adoption - brute force me if you dare Razi Shaban (Mar 14)
- Re: Diceware method adoption - brute force me if you dare jf (Mar 12)