[9129] in cryptography@c2.net mail archive
Re: Danish police: Not Safeguard Easy but passwords were weak
daemon@ATHENA.MIT.EDU (Ray Dillinger)
Mon Aug 13 20:40:34 2001
Date: Mon, 13 Aug 2001 13:46:16 -0700 (PDT)
From: Ray Dillinger <bear@sonic.net>
To: =?iso-8859-1?Q?Bo_Elkj=E6r?= <bo.elkjaer@eb.dk>
Cc: "'Declan McCullagh '" <declan@well.com>,
"'politech@politechbot.com '" <politech@politechbot.com>,
"'cryptography@wasabisystems.com'" <cryptography@wasabisystems.com>
In-Reply-To: <81485FE4A1E9D111847400805F592CF206704746@mail.pol.dk>
Message-ID: <Pine.LNX.4.21.0108131331520.20244-100000@bolt.sonic.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: QUOTED-PRINTABLE
On Thu, 9 Aug 2001, [iso-8859-1] Bo Elkj=E6r wrote:
>It was reported in national media - including tv - that the police had
>succesfully _broken_ the encryption. This, it seems, is not the case. The
>police have managed to find the _passwords_ of the five encrypted computer=
s.
And we're back to the easy chunk of cryptanalysis. That 128-bit key=20
doesn't do you a darn bit of good if it's derived from one of the two=20
million most common words in your language.
In Finnish and/or German, I believe the working vocabulary isn't even=20
that large; even in English, which has a huge vocabulary, two million=20
words will include words that have been out of style for centuries.
There is no help for people who are not willing or able to store real=20
entropy in their brains somehow. "Password: swordfish" just ain't gonna=20
cut it when the rubber meets the road.=20
And here is where we get to the cryptanalytic uses of those high-powered=20
clusters some folk here have been admiring: The fact is that the ability=
=20
to chew through about two million words plus forty million variations=20
as possible passwords, will get you a substantial number of decrypts no=20
matter how good the system is. No need for an exhaustive search of the=20
huge keyspace until you've finished your exhaustive search of the=20
relatively tiny vocabulary of the user's native language.=20
=09=09=09=09Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
