On Fri, 1 Sep 2000, Steven Furlong wrote:
I used to work for a full-text indexing company. (So I can argue from a position of authority, and you can't dispute anything I say. ;-) ) The problem of indexing and matching text is not a hard problem in the mathematical sense, but it quickly becomes computationally gruesome.
I know, I know. No essential difference between text and pure binary data except a more limited alphabet and even lower mean entropy per symbol sent.
For myself, I often use as pass phrases memorized phrases from literature. Which ones? Well, I read four languages, and I do the number/letter and symbol/letter substitutions, so I feel secure even revealing that clue.
Good for you. Most people never go to even that much trouble. But I still think that dictionary searches on, say, all consequtive subsequences of 6-200 characters in the top 100 most likely to have been read books of a given adversary, with common variations (suppression of punctuation, all upper and lower case, adjunction of numbers below from 0-999 in the beginning and end of the phrase, all caps with first capital and vice versa, for the phrase and all words etc.) does not get too hard too fast, especially if we have statistics of people's habits which allow us to work the more likely candidates (like all lower case with little extra changes) first. And it *is* likely to work for the majority of adversaries. I also conceed to your point: serious crypto buffs like most people on this list would probably have little to fear from such attacks... Sampo Syreeni <decoy@iki.fi>, aka decoy, student/math/Helsinki university