From: "Major Variola (ret)" <mv@cdc.gov>
Sent: Aug 2, 2004 11:56 PM
To: "cypherpunks@al-qaeda.net" <cypherpunks@al-qaeda.net>
Subject: On what the NSA does with its tech

...

> What they can do is implement an advanced dictionary search that includes
> the kind of mnemonic tricks and regexps that folks typically use when coming
> up with "tough" passphrases. Cracking Italian anarchist PGP-equipped PDAs in
> their possession, things like that.

Yep. This seems like the practical weak link in a lot of uses of cryptography.

It can be made harder in a lot of ways (e.g., upping the iteration count, or
doing Abadi's trick of generating a big salt value but not disclosing all of
it), but all this ends up with the attacker's extra work linear in the user's
extra work. Of course, if the user chooses good passwords, it's a pretty big
linear factor, but it's still linear--I double my iteration count, and the
attacker doubles his work, though he's always doing a million times as much
work as I am.

The only really good solution is to use some external device to mediate in
password->key generation. But then you've got to make sure that device is
always available, or you're unable to get at your data. And if that device is
an online server somewhere, then password encryptions become partly traceable.

--John Kelsey