[109419] in Cypherpunks


Re: Simplicity

daemon@ATHENA.MIT.EDU (Nicholas Cravotta)
Tue Mar 23 16:37:15 1999

Date: Tue, 23 Mar 1999 16:20:16 -0500
From: Nicholas Cravotta <cravotta@compuserve.com>
To: "David C. Oshel" <dcoshel@pobox.com>
Cc: "[unknown]" <cypherpunks@cyberpass.net>, "[unknown]" <gbroiles@netbox.com>,
        "[unknown]" <junger@samsara.law.cwru.edu>,
        "[unknown]" <aucrypto@suburbia.net>,
        "[unknown]" <oshel.david@mcleod.net>,
        "[unknown]" <mitnick@paranoid.org>,
        "[unknown]" <cypherpunks@algebra.com>, "[unknown]" <armoral@flash.net>,
        "[unknown]" <jy@jya.com>, bill payne <billp@nmol.com>,
        "[unknown]" <softwar@us.net>, j orlin grabbe <kalliste@aci.net>,
        john gilmore <gnu@toad.com>
Reply-To: Nicholas Cravotta <cravotta@compuserve.com>

David,

Sorry for the misunderstanding about cognometrics.  Cognometrics refers only to passwords,
not to encryption or keys.  The idea is to create different kinds of passwords
not based on alphanumeric characters.  For example, one company uses faces
to create a password.  You select a combination of four faces from among
several hundred choices.  Supposedly you will remember faces more easily than
random alphanumeric characters.  When it comes time to enter your password,
the system will offer you nine faces from which you pick the first face, and so
on for each of the four faces.  By offering several hundred faces, the company purports that
it will be harder to crack (4^100) than choosing from 10 digits.  (This particular
system is easy to break: you know that the correct face is one of the nine.
Since the other eight are random, by failing several times, you can notice
which single face appeared in every query for the first face, thus giving you
the first face.)

I thought the idea worth bringing up since many systems employ passwords as
well as or in conjunction with keys.  Passwords don't have to be conventional,
and nonconventional passwords ("What's your favorite kind of beer?" -> "The kind
in my refrigerator") can be difficult to crack because the answer domain is
less defined.

-------------Forwarded Message-----------------

From:	"David C. Oshel", INTERNET:dcoshel@pobox.com
To:	[unknown], INTERNET:cypherpunks@cyberpass.net
	[unknown], INTERNET:gbroiles@netbox.com
	[unknown], INTERNET:junger@samsara.law.cwru.edu
	[unknown], INTERNET:aucrypto@suburbia.net
	[unknown], INTERNET:oshel.david@mcleod.net
	[unknown], INTERNET:mitnick@paranoid.org
	[unknown], INTERNET:cypherpunks@algebra.com
	[unknown], INTERNET:armoral@flash.net
	[unknown], INTERNET:jy@jya.com
	bill payne, INTERNET:billp@nmol.com
	
CC:	[unknown], INTERNET:softwar@us.net
	j orlin grabbe, INTERNET:kalliste@aci.net
	john gilmore, INTERNET:gnu@toad.com
	[unknown], cravotta
	
Date:	3/22/99  8:23 AM

RE:	Re: Simplicity

Sender: dcoshel@pobox.com
Received: from mcleodusa.net (email1-1.mcleod.net [208.16.32.20])
	by hpamgaaa.compuserve.com (8.8.8/8.8.8/HP-1.1) with SMTP id IAA15581
	for <cravotta@compuserve.com>; Mon, 22 Mar 1999 08:23:36 -0500 (EST)
Received: from [208.16.36.66] ([208.16.36.66]) by mcleodusa.net ; Mon, 22 Mar 1999 07:18:44 -600
X-Sender: oshel.david@email.mcleod.net
Message-Id: <v03110701b31bf16a63ef@[208.16.36.82]>
In-Reply-To: <36F5ADBF.142D@nmol.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 22 Mar 1999 07:22:34 -0600
To: bill payne <billp@nmol.com>, jy@jya.com, armoral@flash.net,
        cypherpunks@algebra.com, mitnick@paranoid.org, oshel.david@mcleod.net,
        aucrypto@suburbia.net, junger@samsara.law.cwru.edu,
        gbroiles@netbox.com, cypherpunks@cyberpass.net
From: "David C. Oshel" <dcoshel@pobox.com>
Subject: Re: Simplicity
Cc: john gilmore <gnu@toad.com>, j orlin grabbe <kalliste@aci.net>,
        cravotta@compuserve.com, softwar@us.net

At 19:41 -0700 21/3/99, bill payne wrote:
>...
>A good encryption article from an engineering standpoint appeared.
>
>http://www.ednmag.com/reg/1999/031899/06df2.cfm
>

I'm not sure what "cognometrics" means --  Is the author suggesting that
one should hash a FILE, such as a passport photo, when selecting an
encryption key?  This would have the advantage of precluding a user's
effective knowledge of technical details of the actual key.  If the initial
file were selected from an album (on a CD, e.g.), then sequential photos
from the same gallery, or sequential tracks from the same audio CD, etc.,
could key successive blocks of the plaintext.  Exchanging passwords might
be as simple as mailing a fair copy of a CD, or discussing a particular
track from a popular music album.

David C. Oshel      dcoshel@pobox.com
Cedar Rapids, Iowa  http://pobox.com/~dcoshel/
``Tension, apprehension and dissension have begun.'' - Duffy Wyg& in Alfred
Bester's _The Demolished Man_
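
The weakness Nicholas Cravotta describes in the face-password scheme (the enrolled face is the only one present in every nine-face screen) can be checked with a small simulation. This is an added example, not part of the original messages or of any vendor's code; the gallery size of 300, the integer face ids, and the fixed-decoy variant shown for comparison are assumptions made here.

```python
import random

GALLERY = 300   # assumed gallery size ("several hundred" in the message)
SCREEN = 9      # faces shown per challenge, as described in the message

def random_decoy_screen(secret, rng):
    """Design from the message: 8 decoys drawn fresh on every challenge."""
    decoys = rng.sample([f for f in range(GALLERY) if f != secret], SCREEN - 1)
    return frozenset(decoys + [secret])

def make_fixed_decoy_screen(secret, rng):
    """Comparison design (assumption): decoys chosen once at enrollment."""
    screen = random_decoy_screen(secret, rng)
    return lambda: screen

def candidates_after(screens):
    """Faces that cannot be ruled out: those present in every screen seen."""
    remaining = set(screens[0])
    for s in screens[1:]:
        remaining &= s
    return remaining

def challenges_until_unique(next_screen, limit=50):
    """Number of screens shown before only one candidate face remains."""
    seen = []
    for n in range(1, limit + 1):
        seen.append(next_screen())
        if len(candidates_after(seen)) == 1:
            return n
    return None  # the screens never narrowed the candidates to one

def blind_guess_space(positions=4):
    """One pick out of nine per screen, four screens: 9**positions guesses."""
    return SCREEN ** positions

if __name__ == "__main__":
    rng = random.Random(1999)   # fixed seed so the run is repeatable
    secret = 42                 # constructed sample face id
    weak = challenges_until_unique(lambda: random_decoy_screen(secret, rng))
    fixed = challenges_until_unique(make_fixed_decoy_screen(secret, rng))
    print("random decoys: one candidate left after", weak, "screens")
    print("fixed decoys:  one candidate left after", fixed, "screens")
    print("blind guess space for four screens:", blind_guess_space())
```

With decoys fixed at enrollment, repeated screens carry no new information, so the candidate set stays at nine faces per position.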


