-----BEGIN PGP SIGNED MESSAGE-----
At 03:10 PM 08-06-99 -0600, Mike Stay wrote:
>A guy is willing to pay $1000 to anyone that can guess his PGPDisk
>passphrase. There are a lot of constraints he remembers, so it's a
>reasonable contest: a sentence, very profane, all lowercase, no
spaces
>or punctuation, maybe ends in 123. Source code for a PGPDisk breaker
>and details of the contest are at
>http://www.cs.oberlin.edu/students/mstay/contest.html
Hmmm. This kind of cracking contest seems a little scary to
me. ``Help crack my PGP passphrase'' seems a little too
likely to become ``Help crack this PGP passphrase.'' After
all, how would you know, when handed a key file and some
vague rules, whether the guy who handed it to you was really
the owner of the passphrase, who had forgotten? Especially
over the net? (This is an especially interesting problem
given where you work--you guys probably have some kind of
procedures for convincing yourselves you're not working for
the bad guys, though I don't know what that would be--it
seems like a much harder problem than merely establishing ID
for a CA.)
>Mike Stay
>mailto:[EMAIL PROTECTED]
- --John Kelsey, Counterpane Systems, [EMAIL PROTECTED]
NEW PGP print = 5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
iQCVAwUBN17XgiZv+/Ry/LrBAQHn+gQAiStf4bNklVjhiErCrxI9xNkUNNClSnBP
BHKqyWJt1zESmFEktSBdaI0IPv9jvmsnorO+LxNirWSv92F9vbS5o2rcRUyay13X
Ce3QmTDm5qAg3YMx9oqaKOcZDrhpjfiWYw4cPUFLtuf+GoK8YUVrIIaJZwVEfJ1w
kKItYlRORLc=
=wHyM
-----END PGP SIGNATURE-----
