Spaces in passwords

Bill Stewart stewarts at ix.netcom.com
Sat Apr 20 20:48:05 PDT 1996


At 12:32 PM 4/19/96 EDT, Paul_Koning/US/3Com%3COM at smtp1.isd.3com.com wrote:
>>>Of course not. In a normal Unix password, adding spaces to the
>>>password search space increases the search space, so it necessarily
>>>makes the search harder.

>>Depends on the space of ideas that are leading to your passwords.
>>If the reason you're adding spaces is to separate an n-character word
>>from the dictionary from a 7-n character word from the dictionary,
>>this reduces the search space for a cracker considerably.
>>At least pick random punctuation instead.
>
>Huh?  I don't follow your reasoning.
>If you use two random words, the search space for a dictionary attack
>with an N word dictionary is N^2.  That's true whether you include a space
>or leave it out.  

The context is Unix passwords, which are limited to 8 characters,
not arbitrary-length passphrases like PGP uses.  The size of the
dictionary of words you can use to put two of into 8 characters
is fairly small; the natural choice for two words with a space is
a 4-letter word and a 3-letter word, both chosen from English dictionaries,
though 5/2 and 6/1 are also possible.  It's _way_ searchable,
even if you're not attracted to popular phrases like "Exon You" or "Oh Exon!".

If you're length-constrained, the choice of one word limits the maximum
length of the other.  If you take away another character for punctuation
or space, it reduces it even more.  If I were writing this on a Unix box,
I'd check the number of words in the appropriate length categories, but it's
pretty low, and there's probably a lot less entropy in 3-character words than 4.
#					Thanks;  Bill
# Bill Stewart, stewarts at ix.netcom.com, +1-415-442-2215
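
An added example, not part of the original post: the word-count check the message describes, comparing two dictionary words plus a separator in 8 characters against 8 random printable characters. The word-list path, the constructed sample list, the 95-character printable ASCII alphabet and the 32 punctuation marks are assumptions of this example.

```python
import math
import os
import string
from collections import Counter

MAX_LEN = 8  # Unix password length limit stated in the post

# Constructed sample list, used when no system dictionary is available.
SAMPLE_WORDS = ["a", "I", "oh", "to", "you", "the", "cat", "exon",
                "word", "pass", "unix", "space", "search", "random"]

def length_histogram(words):
    """Count distinct, purely alphabetic words per length (case-folded)."""
    unique = {w.strip().lower() for w in words}
    return Counter(len(w) for w in unique if w.isascii() and w.isalpha())

def two_word_space(hist, separators=1):
    """Ordered word/separator/word candidates that fill exactly MAX_LEN."""
    letters = MAX_LEN - 1  # one position is spent on the separator
    pairs = sum(hist[n] * hist[letters - n] for n in range(1, letters))
    return pairs * separators

def bits(count):
    """Size of a search space in bits."""
    return math.log2(count) if count else 0.0

def report(words):
    hist = length_histogram(words)
    return {
        "words_by_length": {n: hist[n] for n in range(1, MAX_LEN)},
        "space_separator_bits": bits(two_word_space(hist)),
        "punct_separator_bits": bits(two_word_space(hist, len(string.punctuation))),
        "random_8_char_bits": MAX_LEN * math.log2(95),  # 95 printable ASCII
    }

if __name__ == "__main__":
    path = "/usr/share/dict/words"  # assumed location; varies by system
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="ignore") as fh:
            words = fh.read().split()
    else:
        words = SAMPLE_WORDS
    for key, value in report(words).items():
        print(key, value)
```

Swapping the fixed space for any of 32 punctuation marks adds exactly 5 bits, whatever the dictionary size.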

More information about the cypherpunks-legacy mailing list