Re: Password Cracking

From: Lohkee (Lohkee@worldnet.att.net)
Date: 01/24/03


From: "Lohkee" <Lohkee@worldnet.att.net>
Date: Fri, 24 Jan 2003 01:08:17 GMT


"Ernst-Udo Wallenborn" <ernst-udo.wallenborn@freenet.de> wrote in message
news:s5lznprr3pt.fsf@dilbert.pointyhairedbosses.de...
>
> "Lohkee" <Lohkee@worldnet.att.net> writes:
>
> > Your statement is absolutely FALSE. I have stated, and maintain, that
> > password strength is a function of the number of possibilities in the pool.
> > The greater the number, the "stronger" a given password - a FACT which is
> > easily proven by mathematical analysis, although I must admit, I do wish
> > lottery people would use your method.
>
>
> This is simply not true.
>
>
>
> --
> Ernst-Udo Wallenborn

Why? Because you say so? Contrast your "proof" ("this is simply not true")
with mine: Given a known number of possibilities, we can calculate the odds
of the attacker being able to guess the correct sequence (password) on the
first attempt. Many papers have been written on the subject of password
length, and they all - that I know of - conclude that a longer password is
stronger. Why? Because the odds against guessing the correct one grow as the
numbers of possibilities are increased. We can prove this mathematically.
No one seems to have too much difficulty with this concept. Yet, for some
completely bizarre reason, they gag on the reverse, i.e., that the odds in
favor of the attacker increase as the number of possibilities to choose from
is decreased (which is completely irrational to say the least). We can also
prove this mathematically. Security through science or security through
superstition. We all have a choice.

Lohkee!


