CDR: Re: Is kerberos broken?
Tom Vogt
tom at ricardo.de
Tue Sep 5 06:35:00 PDT 2000
petro wrote:
> >> Of course, a *simple* substitution of one word (or even
> >> spaces) would make this *much* harder.
> >>
> >> "Friends, Romulans, fellow countrymen, lend me your beers..."
> >
> >not likely. crack has been guessing simple substitutions for years.
>
> Crack has been guessing "simple" substitutions at the character level.
your point? it's trivial to change the rules from "try replacing o with
0 (zero)" to using a phonetics dictionary on a whole word. pattern
matching is likewise so trivial that I've used it in online games for
nothing more important than fixing typos of players.
> It gets a bit unwieldy and time consuming when running brute
> force attack against a 50 or 60 character string.
yes, but you *still* reduce the key space by several orders of
magnitude, or rather: reorder it in your favor (I assume that when you
failed with all substitions, you'll go "real" brute force, skipping what
you already tried).
More information about the Testlist
mailing list