>> (a dictionary attack on an >> encrypted timestamp is a brute force attack with known plaintext and >> known ciphertext) > >No. Dictionary attacks and brute force attacks are very different >things. The keyspaces are quite different. We worry about dictionary >attacks. We don't worry so much (yet) about brute force attacks.
Experience has shown me that it's easy to crank up password checkers to the point where you're approaching your encryption keyspace. It doesn't seem to be a real problem in practice ... and I think once you've moved out of the realm of things like crack and their ilk can generate, you're going to have to start doing brute-force password attacks ... and that makes me wonder if it's any better than a brute force raw crypto attack. --Ken
