[9476] in cryptography@c2.net mail archive
Re: "Pirate Utopia," FEED, February 20, 2001
daemon@ATHENA.MIT.EDU (David Honig)
Mon Sep 24 23:35:59 2001
Message-Id: <3.0.6.32.20010924171453.008f1750@pop.sprynet.com>
Date: Mon, 24 Sep 2001 17:14:53 -0700
To: Ray Dillinger <bear@sonic.net>, Nomen Nescio <nobody@dizum.com>
From: David Honig <honig@sprynet.com>
Cc: cryptography@wasabisystems.com
In-Reply-To: <Pine.LNX.4.21.0109241138120.6890-100000@bolt.sonic.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 11:44 AM 9/24/01 -0700, Ray Dillinger wrote:
>
>Actually, dictionary attacks reveal about sixty percent of passwords,
>so for every six passwords you find on a dictionary attack, you can
>infer ten actual stegotexts times the ratio between your analyzed and
>discovered (possibly-false) positives.
>
>While he has analyzed only two percent of his sample, that's a sufficient
>number that if even even a tenth of one percent of his positives were
>real he'd have discovered at least a few passwords.
>
>The paper is solid statistical methods; lack of any dictionary-yeilding
>passwords in that big a sample is very strong evidence that the sample
>is overwhelmingly made up of false positives.
>
> Bear
That's an excellent point, but: if you were smart enough to use stego
for real, wouldn't you be smart enough to pick a good password?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
