Password Difficulties

Kent Borg kentborg at world.std.com
Sat Jul 2 12:52:19 PDT 1994


ben at Tux.Music.ASU.Edu and joshua at cae.retix.com both suggest ways to
choose passwords/phrases--things no normal person will do.

What do we do about a population which thinks a 4-digit PIN is secure?
If people use their current ATM PINs--and a lot of computer users *do*
when they are allowed--there will be problems: if we want privacy we
had better figure out how to give everyone privacy.

Part of my original post was cribbing from a paper I once read on the
security of crypt on Unix machines.  It talked of multiple
applications of crypt to slow down brute-force password cracking.
Should things like PGP use this technique in protecting the secret
key?  Does a million encryptions equal 10-bits added to the key?
(Assuming the million encryptions cannot be composed into a single
equivalent encryption.)

-kb


--
Kent Borg                                                  +1 (617) 776-6899
kentborg at world.std.com                                
kentborg at aol.com                                      
          Proud to claim 31:15 hours of TV viewing so far in 1994!






More information about the cypherpunks-legacy mailing list