CDR: Re: Is kerberos broken?
Tom Vogt
tom at ricardo.de
Tue Sep 5 06:35:00 PDT 2000
petro wrote:
> >> Of course, a *simple* substitution of one word (or even
> >> spaces) would make this *much* harder.
> >>
> >> "Friends, Romulans, fellow countrymen, lend me your beers..."
> >
> >not likely. crack has been guessing simple substitutions for years.
>
> Crack has been guessing "simple" substitutions at the character level.
your point? it's trivial to change the rules from "try replacing o with
0 (zero)" to using a phonetics dictionary on a whole word. pattern
matching is likewise so trivial that I've used it in online games for
nothing more important than fixing typos of players.
> It gets a bit unwieldy and time consuming when running brute
> force attack against a 50 or 60 character string.
yes, but you *still* reduce the key space by several orders of
magnitude, or rather: reorder it in your favor (I assume that when you
failed with all substitutions, you'll go "real" brute force, skipping what
you already tried).
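
The following is an added example for passphrase-policy use, not part of the original post or of crack: it flags a candidate passphrase that lies within a few whole-word edits of a known quotation, and counts how small that variant space is next to character-level brute force. The quote list, the 100,000-word dictionary size, the 95-character alphabet and all function names are assumptions made for illustration.

```python
import math
import re

# Constructed sample: a well-known quotation a phrase list would contain.
KNOWN_QUOTES = ["Friends, Romans, countrymen, lend me your ears"]

def words(text):
    """Lowercase word tokens; punctuation and spacing are ignored."""
    return re.findall(r"[a-z']+", text.lower())

def word_edit_distance(a, b):
    """Levenshtein distance where the unit is a whole word, not a character."""
    a, b = words(a), words(b)
    prev = list(range(len(b) + 1))
    for i, wa in enumerate(a, 1):
        cur = [i]
        for j, wb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop wa
                           cur[j - 1] + 1,             # insert wb
                           prev[j - 1] + (wa != wb)))  # substitute wa -> wb
        prev = cur
    return prev[-1]

def is_quote_variant(candidate, quotes=KNOWN_QUOTES, max_edits=3):
    """Policy check: reject passphrases that are near-copies of a known quote."""
    return any(word_edit_distance(candidate, q) <= max_edits for q in quotes)

def variant_count(n_words, dict_size, max_subs):
    """Number of phrases reachable by replacing at most max_subs words
    of an n_words quote with other words from a dict_size dictionary."""
    return sum(math.comb(n_words, k) * (dict_size - 1) ** k
               for k in range(max_subs + 1))

def orders_of_magnitude_saved(length_chars, n_words, dict_size, max_subs,
                              alphabet=95):
    """log10(brute-force space) minus log10(word-substitution space)."""
    brute = length_chars * math.log10(alphabet)
    return brute - math.log10(variant_count(n_words, dict_size, max_subs))

if __name__ == "__main__":
    phrase = "Friends, Romulans, fellow countrymen, lend me your beers..."
    print("word edits from quote:", word_edit_distance(phrase, KNOWN_QUOTES[0]))
    print("rejected by policy:", is_quote_variant(phrase))
    print("orders of magnitude saved vs 50-char brute force: %.1f"
          % orders_of_magnitude_saved(50, 7, 100_000, 2))
```
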