Police officers (in the States) wear bulletproof vests because there is a high probability of them getting shot/shot at; do you think that somehow makes it legal?
On Wed, 12 Mar 2008, M.B.Jr. wrote:

> Date: Wed, 12 Mar 2008 16:15:56 -0300
> From: M.B.Jr. <[EMAIL PROTECTED]>
> To: Full-Disclosure mailing list <[email protected]>
> Subject: [Full-disclosure] Diceware method adoption - brute force me if you dare
>
> Dear list,
> I was studying this passphrase creation method called Diceware:
>
> http://world.std.com/~reinhold/diceware.html
>
> In it, one rolls a common dice five times, writes down the results, in
> a sequential manner, and then checks the suggested word in the
> DICTIONARY they provide.
> You got that? The method is supposed to give the user the words to use.
> Say your results were "5;6;1;5;3", then you check their table and the
> word listed under that number sequence is "sus"; well, that's the
> (pretty short) word to use in your passphrase.
> A 46,656 (6^6) word dictionary, publicly available. The method is
> clearly one bad choice for password creation but it's fairly
> acceptable for obtaining passphrases and concerning the latter, it
> assumes that eventual attackers know the referred dictionary, however
> offering a low guessing probability (high information entropy) for
> passphrases.
>
> Despite the "rite of passage" idea in which the target stops trying to
> hide and starts expecting attacks as a certainty, my point here is
> legal.
> Doesn't adopting the Diceware method in a, say, government corporative
> environment mean legalizing brute force attacks?
>
> Yours faithfully,

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
