At 12:32 PM 4/19/96 EDT, Paul_Koning/US/3Com%3COM@smtp1.isd.3com.com wrote:

...

...

Of course not. In a normal Unix password, adding spaces to the password search space increases the search space, so it necessarily makes the search harder.

...

Depends on the space of ideas that are leading to your passwords. If the reason you're adding spaces is to separate an n-character word from the dictionary from a 7-n character word from the dictionary, this reduces the search space for a cracker considerably. At least pick random punctuation instead.

Huh? I don't follow your reasoning. If you use two random words, the search space for a dictionary attack with an N word dictionary is N^2. That's true whether you include a space or leave it out.

The context is Unix passwords, which are limited to 8 characters, not arbitrary-length passphrases like PGP uses. The size of the dictionary of words you can use to put two of into 8 characters is fairly small; the natural choice for two words with a space is a 4-letter word and a 3-letter word, both chosen from English dictionaries, though 5/2 and 6/1 are also possible. It's _way_ searchable, even if you're not attracted to popular phrases like "Exon You" or "Oh Exon!". If you're length-constrained, the choice of one word limits the maximum length of the other. If you take away another character for punctuation or space, it reduces it even more. If I were writing this on a Unix box, I'd check the number of words in the appropriate length categories, but it's pretty low, and there's probably a lot less entropy in 3-character words than 4. # Thanks; Bill # Bill Stewart, stewarts@ix.netcom.com, +1-415-442-2215