Home page logo

basics logo Security Basics mailing list archives

Re: AW: ADS Password Storage Protection
From: Joe Barr <joe () pjprimer com>
Date: Fri, 21 Jul 2006 11:49:14 -0500

On Thu, 2006-07-20 at 08:25 +0200,
Christian.Assfalg () bc boehringer-ingelheim com wrote:
What you say is true, length increases the maximum number of possible
passwords far more than a greater number of base characters. That is
statistical mathematics. However, it assumes that the characters are
not dependant on the other characters, which is not always the case.
That's why dictionary attacks work so fine. You can substitute a
number of characters (say 4) with all possible 4-character-long words.
That reduces your complexity quite a bit. A passphrase of 8 words with
5 characters each does not translate to 24^40 possibilities, but
rather to (whatever-the-number-of-5-character-words-in-english-is)^8.
In a dictionary attack, you can use this to significantly reduce the
number of tries you have to try.

I'm not following this.  A dictionary attack will be of no use against a
passphrase of 8 words, will it?

This list is sponsored by: Norwich University

The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]