At 05:04 PM 12/5/00, Ray Dillinger wrote:

>If someone wants to enter "sex" as a password, s/he deserves
>what s/he gets (although you may put up an "insecure passphrase"
>warning box for him/her).

The problem is that there's no objective way of knowing when a passphrase becomes 'insecure' since it depends on the amount of effort an attacker wants to spend trying to crack it. Going after Bill Gates' passphrase may yield more value than, say, my 12-year-old son's passphrase.

We need to identify the community we're trying to serve here. Alpha security geeks will probably do whatever is necessary to provide a high work factor, but most civilians aren't going to understand or care. When their weak phrases break down, they'll blame the system design anyway. And they'll be right -- we need to design for the lowest common denominator of the user community. I admit it's more fun and more reliable to design a system for use by smart, well trained people, but that's a relatively small customer base.

If the threat environment suggests we need a lot of entropy, we need to store it in a device and go with two factor authentication.

>And if the user keeps *ONE* secure passphrase in his/her head, the
>key it generates can be used to unscramble all of the random keys
>stored in an encrypted file.

So, they have to lug that file around anyway. That's two factor authentication. Why don't you store it on a smart card or something else portable? Then encode the file so that the effective keys will depend on a mixture of the file's contents and the passphrase. Ideally, there should be no way to decide off-line whether the attacker has hit the pass phrase or not.

>"My name is Ozymandias, king of kings:
>Look upon my works, ye Mighty, and despair!"

So the 'new dictionary' for pass phrase attacks contains all the chestnuts from all the school lit books in the country. I expect there's a lot of overlap in their choices. As Arnold pointed out, maybe 1.33 bits is an overestimation.

Does anyone have a citation as to the source of this 1.33 bits/letter estimate? In other words, who computed it and how? It's in Stinson's crypto book, but he didn't identify its source. I remember tripping over a citation for it in the past 6 months, but can't find it in my notes.

Rick.
[EMAIL PROTECTED]

Re: migration paradigm (was: Is PGP broken?)
Rick Smith at Secure Computing Thu, 07 Dec 2000 10:25:41 -0800
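
The message above suggests making the effective keys depend on both the portable file and the passphrase, with nothing that lets a guess be confirmed off-line. The sketch below is an added example, not part of the original post: the function names, the `label` parameter, the PBKDF2 cost and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 cost for this sketch; tune per platform


def _mask(passphrase: str, card_secret: bytes, label: bytes, n: int) -> bytes:
    """n-byte mask that depends on BOTH the passphrase and the card secret."""
    # The salt comes from the card, so the passphrase alone derives nothing.
    salt = hmac.new(card_secret, label, hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               ITERATIONS, dklen=n)


def wrap(key: bytes, passphrase: str, card_secret: bytes, label: bytes) -> bytes:
    """XOR a uniformly random key with the mask. Nothing else is stored:
    no MAC, checksum, padding or header that a guess could be tested against."""
    mask = _mask(passphrase, card_secret, label, len(key))
    return bytes(k ^ m for k, m in zip(key, mask))


def unwrap(blob: bytes, passphrase: str, card_secret: bytes, label: bytes) -> bytes:
    """Always returns len(blob) bytes and never signals a wrong passphrase."""
    return wrap(blob, passphrase, card_secret, label)  # XOR is its own inverse


if __name__ == "__main__":
    card_secret = secrets.token_bytes(32)   # constructed: secret held on the card
    site_key = secrets.token_bytes(16)      # constructed: random per-service key
    blob = wrap(site_key, "one secure passphrase", card_secret, b"mail")

    for guess in ("one secure passphrase", "sex", "My name is Ozymandias"):
        candidate = unwrap(blob, guess, card_secret, b"mail")
        # Every guess yields 16 random-looking bytes; only using the key
        # against the real service (on-line) shows which one is right.
        print(f"{guess!r:28} -> {candidate.hex()}")
```

The property holds only while the wrapped keys are uniformly random and the attacker holds nothing else, such as recognisable ciphertext under one of those keys, against which a candidate could be tested off-line.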