mailing list archives
Re: Re: pgp passphrase
From: Michael Cecil <macecil () comcast net>
Date: Mon, 22 Mar 2004 19:00:46 -0600
At 03:21 PM 3/22/2004, Valdis.Kletnieks () vt edu said:
>On Mon, 22 Mar 2004 14:58:23 +0100, Nico Golde <nion () gmx net> said:
>> ^^^^^^^^^^^^^^^^ password
>> ^^^^^^^^^^^^^ password
>> > Can you spot both passphrases?
>> i think i am right.
>Right. You've proven that a *human* looking at the datastream can probably
>guess the passphrases. The challenge was to write software that can do a
>job of it. Hmm.. that's almost an inverse of the Turing Test... ;)
Why would it need to guess? It could simply try every logged string ending
in a crlf. I doubt that overhead would even be noticeable to the victim.
macecil () comcast net
Full-Disclosure - We believe in it.