CDR: Re: Is kerberos broken?

Tom Vogt tom at ricardo.de
Tue Sep 5 06:35:00 PDT 2000


petro wrote:
> >>          Of course, a *simple* substitution of one word (or even
> >>  spaces) would make this *much* harder.
> >>
> >>          "Friends, Romulans, fellow countrymen, lend me your beers..."
> >
> >not likely. crack has been guessing simple substitutions for years.
> 
>         Crack has been guessing "simple" substitutions at the character level.

your point? it's trivial to change the rules from "try replacing o with
0 (zero)" to using a phonetics dictionary on a whole word. pattern
matching is likewise so trivial that I've used it in online games for
nothing more important than fixing typos of players.


>         It gets a bit unwieldy and time consuming when running brute
> force attack against a 50 or 60 character string.

yes, but you *still* reduce the key space by several orders of
magnitude, or rather: reorder it in your favor (I assume that when you
failed with all substitutions, you'll go "real" brute force, skipping what
you already tried).
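
The reordering argument in the message above, worked as a passphrase-audit check. This is an added example, not part of the original post: it compares the naive per-character keyspace of a passphrase with the much smaller space left when the phrase is within a few whole-word edits of a known quotation. The two-entry quote list, the 100,000-word dictionary size and the function names are assumptions made for illustration.

```python
import math

# Constructed sample corpus (assumption: a real audit loads a large quote list).
KNOWN_QUOTES = [
    "friends romans countrymen lend me your ears",
    "to be or not to be that is the question",
]

def normalize(text):
    """Lowercase and drop punctuation so the comparison is word-level."""
    cleaned = "".join(c if c.isalnum() or c.isspace() else " " for c in text.lower())
    return cleaned.split()

def word_edit_distance(a, b):
    """Levenshtein distance counted in whole words, not characters."""
    prev = list(range(len(b) + 1))
    for i, wa in enumerate(a, 1):
        cur = [i]
        for j, wb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (wa != wb)))
        prev = cur
    return prev[-1]

def estimate_bits(passphrase, quotes=KNOWN_QUOTES, dict_size=100_000, max_edits=3):
    """Return (naive_bits, effective_bits, word_edits or None).

    naive_bits treats every character as one of 95 printable ASCII symbols.
    effective_bits is a rough model (assumption): pick a quote, pick which
    word slots were edited, pick a dictionary word for each edited slot.
    """
    words = normalize(passphrase)
    naive = len(passphrase) * math.log2(95)
    best_bits, best_edits = naive, None
    for quote in quotes:
        qwords = normalize(quote)
        edits = word_edit_distance(words, qwords)
        if edits > max_edits:
            continue
        slots = max(len(words), len(qwords))
        guesses = len(quotes) * math.comb(slots, edits) * dict_size ** edits
        bits = math.log2(guesses)
        if bits < best_bits:
            best_bits, best_edits = bits, edits
    return naive, best_bits, best_edits
```
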




