Spaces in passwords
Paul_Koning/US/3Com%3COM at smtp1.isd.3com.com
Paul_Koning/US/3Com%3COM at smtp1.isd.3com.com
Fri Apr 19 13:48:14 PDT 1996
>>Of course not. In a normal Unix password, adding spaces to the
>>password search space increases the search space, so it necessarily
>>makes the search harder.
>
>Depends on the space of ideas that are leading to your passwords.
>If the reason you're adding spaces is to separate an n-character word
>from the dictionary from a 7-n character word from the dictionary,
>this reduces the search space for a cracker considerably.
>At least pick random punctuation instead.
Huh? I don't follow your reasoning.
If you use two random words, the search space for a dictionary attack
with an N word dictionary is N^2. That's true whether you include a space
or leave it out. If you use "random punctuation" and the punctuation
character is unknown, you add perhaps a factor 20, which is so much smaller
than N that it isn't worth arguing about.
Two-word passphrases are pretty good, and if you feel uncomfortable
with an N^2 work factor, use three words to get N^3. That's a much bigger
win than talking about random punctuation characters.
paul
!-----------------------------------------------------------------------
! Paul Koning, NI1D, C-24183
! 3Com Corporation, 1-3A, 118 Turnpike Road, Southborough MA 01772 USA
! phone: +1 508 229 1695, fax: +1 508 490 5873
! email: paul_koning at isd.3com.com or paul_koning at 3mail.3com.com
! Pgp: 27 81 A9 73 A6 0B B3 BE 18 A3 BF DD 1A 59 51 75
!-----------------------------------------------------------------------
! "Be wary of strong drink. It can make you shoot at tax collectors
! -- and miss!"
! -- Robert A. Heinlein, "The Notebooks of Lazarus Long"
! in "Time Enough for Love"
More information about the cypherpunks-legacy
mailing list