Cryptography-Digest Digest #809, Volume #13 Mon, 5 Mar 01 17:13:01 EST
Contents:
Re: Monty Hall problem (was Re: philosophical question?) (Fred Galvin)
Re: PKI and Non-repudiation practicalities ("Lyalc")
Re: => FBI easily cracks encryption ...? (Jim D)
Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily crack ...?) (Jim
D)
Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily crack ...?) (Jim
D)
Just getting interested... ("Matt Broughton")
Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily crack ...?)
([EMAIL PROTECTED])
Re: => FBI easily cracks encryption ...? (Fogbottom)
Re: Was there ever a CRM-114 Discriminator? ("Mxsmanic")
Re: passphrase question ("Mxsmanic")
Re: The Foolish Dozen or so in This News Group (Jerry Coffin)
Re: passphrase question (Tom McCune)
Re: => FBI easily cracks encryption ...? ("Mxsmanic")
Re: passphrase question ("Mxsmanic")
Re: Monty Hall problem (was Re: philosophical question?) ("Mxsmanic")
Re: PKI and Non-repudiation practicalities (Anne & Lynn Wheeler)
Re: OT: Legitimacy of Governmental Power (Fogbottom)
Re: passphrase question ("Paul Pires")
Re: The Foolish Dozen or so in This News Group (Shawn Willden)
Re: passphrase question (JPeschel)
----------------------------------------------------------------------------
From: Fred Galvin <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 5 Mar 2001 14:35:20 -0600
On Mon, 5 Mar 2001, Mxsmanic wrote:
> "Joe H. Acker" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>
> > However, I do not believe that the truth
> > table is correct.
>
> The table covers every possibility, and shows every outcome. Which
> entry is in error?
>
> > I do believe that the probability to win in
> > this special case does *not* depend on my
> > knowledge regarding Monty's choice---wether
> > or not I *know* which goat door Monty will open.
> > The probability to win is determined by the
> > fact that Monty will *always* open a door that
> > does not contain the car.
>
> Correct. That's why the truth table that I provided does not take
> Monty's choice into account. The only thing that matters is that he
> always eliminates a door that conceals a goat.
Hmm. Suppose Monty's strategy is that, whichever door I pick, he will
open the highest numbered remaining door that conceals a goat. In that
case, if I pick door #1 and Monty shows me a goat behind door #2, I
can be 100% sure that the car is behind door #3; however, if I pick
door #1 and Monty shows me a goat behind door #3, then I have only a
50% chance of getting a car, regardless of whether I stick with door
#1 or switch to door #2.
--
People who don't have a sense of humor shouldn't try to be funny.
------------------------------
From: "Lyalc" <[EMAIL PROTECTED]>
Subject: Re: PKI and Non-repudiation practicalities
Date: Tue, 6 Mar 2001 07:34:15 +1100
No one buys security. They do pay for things that improve their business,
short and long term.
PKI merely replicates password based processing. Remember, the private key
is controlled by a password. So a digital signature is merely an indication
that someone once knew the password associated with a certificate/private
key. And that the password was verified on a remote machine with no
specific indication of that machine's trustworthiness . Nothing more.
Many billions of dollars in transactions are authenticated today by
passwords (e.g. ATMs with PINs) with very low technology based risk
exposure.
What else is requered depends upon your goals. Secure password capture,
secure private key storage, secure processing, high bandwidth and large
storage are some criteria that spring to mind for day to day electronic
signatures.
Lyal
Mark Currie wrote in message <3aa36b04$0$[EMAIL PROTECTED]>...
>In article <7JTn6.1182$[EMAIL PROTECTED]>, [EMAIL PROTECTED]
says...
>>
>>2 answers
>>Not yet much literature on the practical issues. The PKI vendors are
>>building CA component systems for the wrong business model.
>>
>
>What areas do you think that they should be focussing on ?
>
>>Non-repudiation of what?
>>- The existence of an unaltered message?
>>- or proof that I digitally signed the message that appears to be from me
>>(thus becoming an electronic signature).
>
>I was mainly referring to the latter, but the former would also have to be
>included in this this proof.
>
>>Common PKi does the former well enough, alebit with the overheads you
>>mention. Totally useless with the latter, since non-Public key technology
>>is an essential component required to acheive this outcome.
>>
>>Lyal
>
>I think that the asymetric nature of PK helps, but as we agree, you need
much
>more. What other non-Public key technology do you think is needed ?
>
>
>
>Mark
>
>
>>
>>
>>Mark Currie wrote in message <3a9f90cc$0$[EMAIL PROTECTED]>...
>>>Hi,
>>>
>>>Non-repudiation is often used as a selling point for PKI but this can be
>>>misleading. Non-repudiation requires additional infrastructure such as
>>>databases for storing each signed message together with its corresponding
>>>signature. In high-throughput applications the amount of storage needed
can
>>be
>>>very large indeed. There are many applications of public key cryptography
>>(i.e.
>>>communications security) where Non-repudiation is impractical because of
>>the
>>>storage requirement. Non-repudiation would also require independent
>>validation
>>>services that are capable of verifying the message originator given a
>>message,
>>> signature & certificate. These services would have to demonstrate a high
>>level
>>>of trustworthiness since the output is likely to be a simple Yes/No. The
>>full
>>>implications of supporting Non-repudiation may not be that clear to PKI
>>>customers and their application developers. The message that often comes
>>across
>>>is that PKI / PK technology gives you Non-repudiation. It does not. It
>>seems to
>>>me that there needs to be more information around the practical
>>implementation
>>>of Non-repudiation.
>>>
>>>It is possible that these issues are now being addressed by PKI vendors.
>>Does
>>>anyone know of any literature that covers the practical issues around
>>>Non-repudiation ?
>>>
>>>Mark
>>>
>>
>>
>
------------------------------
From: [EMAIL PROTECTED] (Jim D)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Mon, 05 Mar 2001 20:41:55 GMT
Reply-To: Jim D
On Sat, 3 Mar 2001 03:01:09 -0700, "Open FleshWound" <[EMAIL PROTECTED]>
wrote:
>
>"Frodo" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]...
>> In article <[EMAIL PROTECTED]>
>> Jim Taylor <[EMAIL PROTECTED]> wrote:
>> >
>> > Sometimes I wonder about these groups. Are you all drug
>> dealers or
>> > something? What would be so bad about the FBI or NSA, with
>> considerable
>> > effort and expense, being able to decrypt a PGP message?
>> Aren't they the
>> > good guys trying to protect _us_ against spies, terrorists and
>> organized
>> > crime?
>>
>> Sometimes. Other times they're trying to slander people they
>> consider subversive, as J. Edgar Hoover did to Martin Luther
>> King and John Lennon.
>
>John Lennon was subversive ...
Good for him!
--
___________________________________________
Posted by Jim Dunnett
George Dubya Bushisms No 4:
I understand small business growth,
I was one.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Jim D)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily crack ...?)
Date: Mon, 05 Mar 2001 20:41:57 GMT
Reply-To: Jim D
On Sun, 04 Mar 2001 17:36:03 -0600, [EMAIL PROTECTED] wrote:
>I could go on, but this is not a political newsgroup. Bush won it, and
>the only reason the Democrats are beside themselves is that they were
>certain they had committed enough fraud to win.
Did he hell! He siezed power, in much the same way as
Milosevic or Saddam.
>GW Bush is president, and he won fairly. He also bears no resemblance
>to Hitler. In fact, if you look at the socialist policies the
>Democrats want to put in place
Your Democrats are nowhere near being socialists.
They're only just slightly right of Genghis Kahn.
--
___________________________________________
Posted by Jim Dunnett
George Dubya Bushisms No 4:
I understand small business growth,
I was one.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
------------------------------
From: [EMAIL PROTECTED] (Jim D)
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily crack ...?)
Date: Mon, 05 Mar 2001 20:41:58 GMT
Reply-To: Jim D
On Mon, 05 Mar 2001 07:06:34 GMT, Vince Adams <[EMAIL PROTECTED]> wrote:
>In article <[EMAIL PROTECTED]>, sideband@DELETE-
>ITbtinternet.com says...
>: On 4 Mar 2001 10:50:24 -0000, [EMAIL PROTECTED] ([EMAIL PROTECTED])
>: wrote:
>:
>: >Even though there was a lot of dirty bottom-dealing involved, each step
>: >along the way of Hitler's rise to power was legal. Dirty, but legal.
>:
>: Rings a bell! I know: just like George W Bush.
>:
>:
>
>Hey guys... Who is this flaming UK asshole 'Jim D'. Must be some
>trolling perv. Prez Clanton did more to erode personal freedom in the USA
>than any other US president in history.
He was corrupt, Bush is corrupt, the next one will
be corrupt.....
>How do you say it in the UK? Go bugger yourself wanker <g>.
And the same to you Yankee Doodle!
--
___________________________________________
Posted by Jim Dunnett
George Dubya Bushisms No 4:
I understand small business growth,
I was one.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
------------------------------
From: "Matt Broughton" <[EMAIL PROTECTED]>
Subject: Just getting interested...
Date: Mon, 05 Mar 2001 20:40:32 GMT
I'm just getting interested in cryptology and cryptanalysis, are there any
books that you all would recommend on the topic? I havent gotten very
techincal yet, but im trying to get a well rounded view on the subjects.
Currently im reading "The Code Book" by Simon Singh and I'm enjoying it
immensly. After that, Im wanting to move more towards the computer aspect
of it all...any recommended reading? Please reply directly...
Matt Broughton
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: OT: Legitimacy of Governmental Power (Was: Re: => FBI easily crack ...?)
Date: Mon, 05 Mar 2001 14:58:57 -0600
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] (Jim D) wrote:
>On Sun, 04 Mar 2001 17:36:03 -0600, [EMAIL PROTECTED] wrote:
>
>>I could go on, but this is not a political newsgroup. Bush won it, and
>>the only reason the Democrats are beside themselves is that they were
>>certain they had committed enough fraud to win.
>
>Did he hell! He siezed power, in much the same way as
>Milosevic or Saddam.
>
>>GW Bush is president, and he won fairly. He also bears no resemblance
>>to Hitler. In fact, if you look at the socialist policies the
>>Democrats want to put in place
>
>Your Democrats are nowhere near being socialists.
>They're only just slightly right of Genghis Kahn.
The above statement serves to demonstrate that either:
1) You are trolling, or
2) You don't know what your talking about.
At least OUR national embarrassment, Bill "BJ" Clinton, is out. You
poor buggers as still saddled with Tony "Let's kill off everything
even remotely British" Blair, who is a Socialist by any *correct*
definition of the term..
------------------------------
Date: 5 Mar 2001 20:59:36 -0000
From: [EMAIL PROTECTED] (Fogbottom)
Subject: Re: => FBI easily cracks encryption ...?
Crossposted-To: alt.security.pgp,talk.politics.crypto
In article <7lSo6.55493$[EMAIL PROTECTED]>
"Mxsmanic" <[EMAIL PROTECTED]> wrote:
>
> "Fogbottom" <[EMAIL PROTECTED]> wrote in
message
> news:[EMAIL PROTECTED]...
>
> > You've been watching "The FBI Story" a bit too often.
>
> I've never heard of that.
The people writing the glowing reports about the FBI you
apparently read certainly have.
> > But in general, local cops are just as well trained
> > as FBI special agents and actually have far more
> > street experience.
>
> Why are local cops always getting into so much more trouble for
> misdeeds, then?
For the same reasons the FBI is always getting into trouble for
misdeeds.
Most local police agencies don't have the FBI's propaganda
machine to cover up for them.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Subject: Re: Was there ever a CRM-114 Discriminator?
Date: Mon, 05 Mar 2001 21:04:57 GMT
I've been advised by the author of the page that the reference to the
CRM-114 is an intentional joke, and another person with B-52 flight
experience assures me that he never saw any such device aboard the
aircraft.
"Jerry Coffin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> In article <[EMAIL PROTECTED]>,
> [EMAIL PROTECTED] says...
>
> [ ... ]
>
> > >According to the Federation of American Scientists page on the
B-52, one of
> > >its systems is a CRM-114 Discriminator. Here's the link:
> > >http://www.fas.org/nuke/guide/usa/bomber/b-52.htm
> >
> > >This may be a joke by FAS, I can't tell.
> >
> > It may simply be an error. Since they look far and wide for sources
of
> > information, perhaps someone assumed the movie was correctly
> > researched in this particular.
>
> While this page has a lot of accurate information, it also contains
> at least a few things I'd consider questionable. Just for an obvious
> example, while they accurately note that the B-52 is often call the
> "BUFF", they claim it stands for "big ugly fat fellow", while the
> expansion in wide use is "big ugly flying F'er."
>
> For another example, they mention a rear-facing seat behind the co-
> pilot as being "spare (instructor seat)". At least when I worked in
> B-52s, that's where the tail-gunner sat. I suppose the AF may have
> decided the B-52's tail gun wasn't particularly effective and taken
> them out though -- AFAIK, only one B-52 was ever credited with a kill
> on an enemy fighter using its tail gun (sorry, I don't remember the
> tail number, but it was a D-model that shot down a MiG over Southeast
> Asia).
>
> --
> Later,
> Jerry.
>
> The Universe is a figment of its own imagination.
>
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: passphrase question
Date: Mon, 05 Mar 2001 21:06:13 GMT
"Tom McCune" <[EMAIL PROTECTED]> wrote in message
news:izSo6.218870$[EMAIL PROTECTED]...
> How would a potential opponent of any individual
> user know this?
In cryptography, you always assume that your opponent knows everything
except the specifically secret part of your key.
------------------------------
From: Jerry Coffin <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: The Foolish Dozen or so in This News Group
Date: Mon, 5 Mar 2001 14:06:57 -0700
In article <[EMAIL PROTECTED]>, [EMAIL PROTECTED] says...
[ ... ]
> Wrong. It is possible to ensure that the same disk blocks will
> be ovrwritten (unless a new bad block gets added to the remapping
> table during the process), but you have to open the file in a
> particular mode (r+w in stdio terminology); if the file is opened
> for writing in the default mode, it gets truncated to 0 length and
> all its previous data blocks are returned to the block-buffer pool.
Even that doesn't really guarantee that the same blocks will be
overwritten -- there are logged file systems that _always_ allocate
new space when you write data. They typically use a garbage
collector to delete blocks and add them to the free space when
they're found to longer belong to any file, but some systems like
this simply don't allow you to directly overwrite the blocks of a
file regardless of the mode in which you open the file.
--
Later,
Jerry.
The Universe is a figment of its own imagination.
------------------------------
Crossposted-To: alt.security.pgp
From: Tom McCune <[EMAIL PROTECTED]>
Subject: Re: passphrase question
Date: Mon, 05 Mar 2001 21:08:46 GMT
In article <9dTo6.56224$[EMAIL PROTECTED]>, "Mxsmanic"
<[EMAIL PROTECTED]> wrote:
>In cryptography, you always assume that your opponent knows everything
>except the specifically secret part of your key.
I can't buy that. There is no way for my opponent to know whether or not I
repeat characters, or have numbers, or have letters, etc., in my passphrase.
If I were to assume this, I would assume that he/she knows my passphrase,
and that I therefore might as well not have one.
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp,talk.politics.crypto
Subject: Re: => FBI easily cracks encryption ...?
Date: Mon, 05 Mar 2001 21:16:59 GMT
"Fogbottom" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> The people writing the glowing reports about the
> FBI you apparently read certainly have.
My information comes from talking to them myself, and from talking to
other people who have dealt with them.
> For the same reasons the FBI is always getting
> into trouble for misdeeds.
Always? How often is that?
> Most local police agencies don't have the FBI's
> propaganda machine to cover up for them.
What sorts of things are being covered up, specifically?
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: passphrase question
Date: Mon, 05 Mar 2001 21:22:14 GMT
"Tom McCune" <[EMAIL PROTECTED]> wrote in message
news:yfTo6.218982$[EMAIL PROTECTED]...
> I can't buy that.
Well, it's your security, not mine. I'm more paranoid than you, I
guess.
> There is no way for my opponent to know whether
> or not I repeat characters, or have numbers, or
> have letters, etc., in my passphrase.
Maybe.
But the fact is, if you are systematically repeating characters, you may
as well just stick with a six-character password, instead.
------------------------------
From: "Mxsmanic" <[EMAIL PROTECTED]>
Crossposted-To: sci.crypt.random-numbers,de.sci.informatik.misc,sci.math
Subject: Re: Monty Hall problem (was Re: philosophical question?)
Date: Mon, 05 Mar 2001 21:28:37 GMT
"Fred Galvin" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Suppose Monty's strategy is that, whichever door
> I pick, he will open the highest numbered remaining
> door that conceals a goat. In that case, if I pick
> door #1 and Monty shows me a goat behind door #2, I
> can be 100% sure that the car is behind door #3;
> however, if I pick door #1 and Monty shows me a
> goat behind door #3, then I have only a 50% chance
> of getting a car, regardless of whether I stick with
> door #1 or switch to door #2.
That's not Monty's strategy, though, by definition.
------------------------------
Subject: Re: PKI and Non-repudiation practicalities
Reply-To: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
From: Anne & Lynn Wheeler <[EMAIL PROTECTED]>
Date: Mon, 05 Mar 2001 21:44:00 GMT
"Lyalc" <[EMAIL PROTECTED]> writes:
> No one buys security. They do pay for things that improve their business,
> short and long term.
> PKI merely replicates password based processing. Remember, the private key
> is controlled by a password. So a digital signature is merely an indication
> that someone once knew the password associated with a certificate/private
> key. And that the password was verified on a remote machine with no
> specific indication of that machine's trustworthiness . Nothing more.
>
> Many billions of dollars in transactions are authenticated today by
> passwords (e.g. ATMs with PINs) with very low technology based risk
> exposure.
>
> What else is requered depends upon your goals. Secure password capture,
> secure private key storage, secure processing, high bandwidth and large
> storage are some criteria that spring to mind for day to day electronic
> signatures.
>
> Lyal
i would have said that public/private key authentication does a little
bit better job than secret-key/pin authentication .... since it
eliminates some issues with the sharing of a secret-key.
hardware tokens can be accessed with pin/secret-key and then do
public/private key digital signatures for authentication ... but there
is no "sharing" of the pin/secret-key.
taken to the extreme, biometrics is a form of secret key .... and
while compromise of pin/secret-key in a shared-secret infrastructure
involves issuing a new pin/secret-key ... current technology isn't
quite up to issuing new fingers if a biometric shared-secret were
compromised (aka there are operational differences between
shared-secret paradigms and non-shared-secret paradigms ... even if
both have similar pin/secret-key/biometrics mechanisms).
in an account-based infrastructure that already uses some form of
authentication (pins, passwords, mothers-maiden-name, #SSN, etc), it
is relatively straight-forward technology upgrade to public/private
key authentication ... w/o requiring business process dislocation that
many PKIs represent.
--
Anne & Lynn Wheeler | [EMAIL PROTECTED] - http://www.garlic.com/~lynn/
------------------------------
Date: 5 Mar 2001 21:50:39 -0000
From: [EMAIL PROTECTED] (Fogbottom)
Subject: Re: OT: Legitimacy of Governmental Power
Crossposted-To: alt.security.pgp,talk.politics.crypto
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] wrote:
>
> [EMAIL PROTECTED] (Jim D) wrote:
>
> >On Sun, 04 Mar 2001 17:36:03 -0600, [EMAIL PROTECTED]
wrote:
> >
> >>I could go on, but this is not a political newsgroup. Bush
won it, and
> >>the only reason the Democrats are beside themselves is that
they were
> >>certain they had committed enough fraud to win.
> >
> >Did he hell! He siezed power, in much the same way as
> >Milosevic or Saddam.
> >
> >>GW Bush is president, and he won fairly. He also bears no
resemblance
> >>to Hitler. In fact, if you look at the socialist policies the
> >>Democrats want to put in place
> >
> >Your Democrats are nowhere near being socialists.
> >They're only just slightly right of Genghis Kahn.
>
> The above statement serves to demonstrate that either:
>
> 1) You are trolling, or
> 2) You don't know what your talking about.
You've simply *got* to learn to start thinking outside the
little box made for you in your militia meetings.
The correct answer is 3) He's right.
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Crossposted-To: alt.security.pgp
Subject: Re: passphrase question
Date: Mon, 5 Mar 2001 13:51:02 -0800
Tom McCune <[EMAIL PROTECTED]> wrote in message
news:yfTo6.218982$[EMAIL PROTECTED]...
> In article <9dTo6.56224$[EMAIL PROTECTED]>, "Mxsmanic"
><[EMAIL PROTECTED]> wrote:
>
> >In cryptography, you always assume that your opponent knows everything
> >except the specifically secret part of your key.
>
> I can't buy that. There is no way for my opponent to know whether or not I
> repeat characters, or have numbers, or have letters, etc., in my passphrase.
Ehr... I think you just told everybody.
This is the problem with password selection schemes and passwords
in general. If it is any good, a hacker will just add it to their dictionary
search routine reducing the needed "find" to the unique aspects.
If you tell, you can't use. I have a much easier and much better way.
No, I won't tell you.
Paul
> If I were to assume this, I would assume that he/she knows my passphrase,
> and that I therefore might as well not have one.
>
> Tom McCune
> My PGP Page & FAQ: http://www.McCune.cc
------------------------------
From: Shawn Willden <[EMAIL PROTECTED]>
Crossposted-To: alt.hacker
Subject: Re: The Foolish Dozen or so in This News Group
Date: Mon, 05 Mar 2001 14:35:48 -0700
Benjamin Goldberg wrote:
> Personally, I think that the kind of functionality that Szopa wants his
> OverWrite to have ought to be built into the OS.
>
> You would pass a file descriptor, an offset, and a length, and viola, it
> would be wiped.
...assuming the hardware (the controller or the drive itself) didn't have
some sort of write buffering. I know that SCSI cards and HDDs all have read
caches these days, do any of them implement write caching as well?
If they do (or if they will in the foreseeable future), then some of this
functionality may need to be pushed down to the hardware level. At the very
least there would need to be a way to defeat the write buffering.
This reminds me in of some discussions on comp.lang.c++ and comp.lang.java
about the (in)efficacy of the double lock check idiom, which can be made
unworkable by optimizations performed by any of the compiler, virtual
machine, memory caches or even the CPU itself, even if the programmer
doesn't screw it up.
Shawn.
------------------------------
From: [EMAIL PROTECTED] (JPeschel)
Date: 05 Mar 2001 22:05:30 GMT
Subject: Re: passphrase question
"Mxsmanic" [EMAIL PROTECTED] writes:
>The passphrase is no more secure than a six-character password, and is
>thus vastly less secure than a well-chosen passphrase. The fact that
>you repeat each of the characters has no effect, since your opponent
>knows this.
A passphrase chosen using "Nobody's" formulation isn't secure,
but it will survive an opponent's attack for a longer time than would
a six-character password.
Joe
__________________________________________
Joe Peschel
D.O.E. SysWorks
http://members.aol.com/jpeschel/index.htm
__________________________________________
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to sci.crypt.
End of Cryptography-Digest Digest
******************************
