CDR: Re: Is kerberos broken?
BENHAM TIMOTHY JAMES
bentj93 at itsc.adfa.edu.au
Tue Sep 5 16:28:01 PDT 2000
>
> On Sat, 2 Sep 2000, BENHAM TIMOTHY JAMES wrote:
>
> >A human can easily remember 26 random letters from a 32 character
> >alphabet with a little mnemonic method (eg map each character to a
> >word so that it makes up some sort of dumb story). 5*26==130 which
> >is more bits than computers can currently exhaust over.
>
> True, especially if you salt with a suitably long random number and combine
> the two with a sufficiently nasty serial computation.
>
> Most of this thread does not, despite the strong wordings, actually
> concentrate on what average people *can* do but what they are likely to do
> when they do not have any real reason/incentive to guard their privacy.
Sure, probably 70% or more of real apss phrases are crackable, but that's
not strictly the fault of the software. It doesn't really matter either,
if they &really& have no "reason/incentive to guard their privacy".
Tim
More information about the cypherpunks-legacy
mailing list