jf, if your analogy was somehow decent, it would consider the police giving citizens some shotguns since the Diceware dictionary is freely available for download.
On Wed, Mar 12, 2008 at 11:49 PM, jf <[EMAIL PROTECTED]> wrote:
> police officers (in the states) wear bullet proof vests because there is a
> high probability of them getting shot/shot at, do you think that somehow
> makes it legal?
>
>
> On Wed, 12 Mar 2008, M.B.Jr. wrote:
>
> > Date: Wed, 12 Mar 2008 16:15:56 -0300
> > From: M.B.Jr. <[EMAIL PROTECTED]>
> > To: Full-Disclosure mailing list <[email protected]>
> > Subject: [Full-disclosure] Diceware method adoption - brute force me if you
> >     dare
> >
> > Dear list,
> > I was studying this passphrase creation method called Diceware:
> >
> > http://world.std.com/~reinhold/diceware.html
> >
> > In it, one rolls a common dice five times, writes down the results, in
> > a sequential manner, and then checks the suggested word in the
> > DICTIONARY they provide.
> > You got that? The method is supposed to give the user the words to use.
> > Say your results were "5;6;1;5;3", then you check their table and the
> > word listed under that number sequence is "sus"; well, that's the
> > (pretty short) word to use in your passphrase.
> > A 46,656 (6^6) word dictionary, publicly available. The method is
> > clearly one bad choice for password creation but it's fairly
> > acceptable for obtaining passphrases and concerning the latter, it
> > assumes that eventual attackers know the referred dictionary, however
> > offering a low guessing probability (high information entropy) for
> > passphrases.
> >
> > Despite the "rite of passage" idea in which the target stops trying to
> > hide and starts expecting attacks as a certainty, my point here is
> > legal.
> > Doesn't adopting the Diceware method in a, say, government corporative
> > environment mean legalizing brute force attacks?
> >
> > Yours faithfully,
> >

--
Marcio Barbado, Jr.
"In fact, companies that innovate on top of open standards are advantaged because resources are freed up for higher-value work and because market opportunities expand as the standards proliferate."
Scott Handy
Vice President Worldwide Linux and Open Source, IBM

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
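The roll-to-word lookup and the "attacker knows the dictionary" entropy argument discussed in the thread above, as an added example that is not part of any poster's message or of the Diceware project. Five rolls of a six-sided die give 6^5 = 7,776 possible keys; the word list here is a constructed placeholder, the function names are hypothetical, and Python's `secrets` module stands in for physical dice.

```python
import math
import secrets

ROLLS_PER_WORD = 5                      # five rolls select one word
FACES = 6
LIST_SIZE = FACES ** ROLLS_PER_WORD     # 7776 distinct five-roll keys


def roll_key_to_index(key: str) -> int:
    """Map a roll key such as '56153' to a 0-based position in the list."""
    if len(key) != ROLLS_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a valid roll key: {key!r}")
    index = 0
    for c in key:                       # base-6 number with digits 1..6
        index = index * FACES + (int(c) - 1)
    return index


def index_to_roll_key(index: int) -> str:
    """Inverse of roll_key_to_index."""
    if not 0 <= index < LIST_SIZE:
        raise ValueError(f"index out of range: {index}")
    digits = []
    for _ in range(ROLLS_PER_WORD):
        index, d = divmod(index, FACES)
        digits.append(str(d + 1))
    return "".join(reversed(digits))


def build_placeholder_list() -> dict:
    """Constructed stand-in for the published list: key -> 'wordNNNN'."""
    return {index_to_roll_key(i): f"word{i:04d}" for i in range(LIST_SIZE)}


def generate_passphrase(wordlist: dict, n_words: int) -> list:
    """Pick n_words uniformly; each word is an independent five-roll draw."""
    keys = ("".join(str(secrets.randbelow(FACES) + 1)
                    for _ in range(ROLLS_PER_WORD)) for _ in range(n_words))
    return [wordlist[k] for k in keys]


def entropy_bits(n_words: int) -> float:
    """Guessing entropy when the attacker knows the list and word count."""
    return n_words * math.log2(LIST_SIZE)


if __name__ == "__main__":
    wl = build_placeholder_list()
    print(" ".join(generate_passphrase(wl, 5)))
    for n in (1, 3, 5, 7):
        print(f"{n} words: {LIST_SIZE ** n:.3e} candidates, "
              f"{entropy_bits(n):.1f} bits")
```

The strength comes entirely from the number of uniformly chosen words, not from keeping the list secret, so publishing the list changes nothing in the figures above.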
