Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: pgp passphrase
From: Michael Cecil <macecil () comcast net>
Date: Mon, 22 Mar 2004 19:00:46 -0600

At 03:21 PM 3/22/2004, Valdis.Kletnieks () vt edu said:
>On Mon, 22 Mar 2004 14:58:23 +0100, Nico Golde <nion () gmx net>  said:
>
>> ^^^^^^^^^^^^^^^^ password
>
>> ^^^^^^^^^^^^^ password
>
>> > Can you spot both passphrases?
>>
>> i think i am right.
>
>Right.  You've proven that a *human* looking at the datastream can probably
>guess the passphrases.  The challenge was to write software that can do a
>passable
>job of it. Hmm.. that's almost an inverse of the Turing Test... ;)

Why would it need to guess? It could simply try every logged string ending in a crlf. I doubt that overhead would even be noticeable to the victim.

--
Michael Cecil
macecil () comcast net
http://home.comcast.net/~macecil/howto/
http://home.comcast.net/~antiviruscd/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]