On Wed, 11 Apr 2001, Andreas Heinlein wrote:
> --On Dienstag, 10. April 2001 20:05 Uhr +0200 Thomas Roessler
> <[EMAIL PROTECTED]> wrote:
>
> > Executive summary: If you have ever used Strip for the Palm to
> > generate your passwords, change them. Change them NOW.
>
> Hi,
>
> I think you forgot to mention the attacker has to know you generated
> the passwords with Strip...
>
> Not likely in many cases, I think.
You're ignoring the obvious though. If the Strip keyspace is so small,
and we know that someone somewhere must use Strip, then we might as well
add the Strip passwords to the beginning of our attack, along with the
dictionaries and whatnot.
-jwb
