To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 5787
5786  |  5788
Subject: 
 Re: Automated password appraisal (Re: New feature: Article rating)
Newsgroups: 
 lugnet.admin.general
Date: 
 Fri, 31 Mar 2000 00:50:58 GMT
Highlighted: 
 (details)
Viewed: 
 4168 times
  
In lugnet.admin.general, David Schilling writes:
I don't mean to say it's not a good idea to check (I think it is a good
idea, just as a diagnostic for people) -- I just don't know how to do it
quickly and efficiently without some really big iron.

The way I've done something similar in the past is to create a larger
dictionary: create a temp file with all words having their vowels removed,
and do the c/k mutations too, if desired.  Sort and remove duplicate
entries.  Finally, merge back into the original dictionary.

OK, so work it backwards, IOW.  Cool.  That sounds doable, and wouldn't even
increase the time it took to evaluate pw's by more than the tiniest percent.


This makes the
dictionary much larger, of course.  I wasn't using one as large as yours
already seems to be, but it might still work.

Well, if the dictionary grows from 2.7 million to 3.5 million entries,
that's OK -- it won't slow down probing since it already hits the disk on
almost every probe, and the dictionary DB is only ~30MB.


[...]
Actually I assume you already do *something* like this: do you reduce all
passwords to lower case, and have your dictionary in all lower case?
This would make sense to do.

Yup!


Is a word with random caPitAliZatiON that much more
secure than the same word in one of the three 'normal' senses?
(Capitalized, capitalized, CAPITALIZED)

Well, I guess a long word like that, assuming equal probability (1/2) on
each letter, would be 2^14 / 3 = ~5000 times more secure than the three
canonical cases?  (Speaking only from a brute-force attack standpoint.)


In any case, the idea is to find passwords that aren't good.  The
explanations of why they aren't is secondary.

Roit!  OK, thanks for the insights...it's just a couple one-liners to add
these permutations (er, removals)...

--Todd



Message is in Reply To:
  Re: Automated password appraisal (Re: New feature: Article rating)
 
(...) The way I've done something similar in the past is to create a larger dictionary: create a temp file with all words having their vowels removed, and do the c/k mutations too, if desired. Sort and remove duplicate entries. Finally, merge back (...) (25 years ago, 31-Mar-00, to lugnet.admin.general)  

309 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR