
On Wed, 17 Apr 1996, Mark Rogaski wrote:
Is it possible to find a percentage of the key space to eliminate that will optimize security assuming that the attacker will try the easy stuff first (and is it possible to quantify "easy stuff")?
Hmmm- I think this could be interesting to study; if we treat the space of possible passwords as a non-uniform probability distribution (Zipfian?), and then transform it in such a way to be uniform (by having the probability of certain passwords being disqualified be based on their relative probability), it should be possible to get a situation where all passwords are possible, and all have equal probability. This gives optimum security (I think). Of course there's then the game theory assumption that the attacker will know about this and try passwords randomly; if they instead attack passwords with a non-random approach, the optimum passwords will be tuned to their attack strategy, unless they know you're tuning to their attack in which case they will tune their attack to your [stack overflow - bus error, core dumped] Interesting exercise.
Mark Rogaski      | Why read when you can just sit and | Member
System Admin      | stare at things?                   | Programmers Local
GTI GlobalNet     | Any expressed opinions are my own  | # 0xfffe
wendigo@pobox.com | unless they can get me in trouble. | APL-CPIO

"There is power in a packet, power in a LAN
Power in the hands of the hacker,
But it all amounts to nothing if together we don't stand
There is power in a UNIX