Re: content rather than key?
From: Kai (nospamkai@webmail.co.za)
Date: 03/05/03
- Next message: Kai: "Re: ... challenge?"
- Previous message: Stefan Katzenbeisser: "Re: Koblitz Factor Base Example"
- In reply to: Michiel Buddingh': "Re: content rather than key?"
- Next in thread: Robert van der Meulen: "Re: content rather than key?"
- Reply: Robert van der Meulen: "Re: content rather than key?"
- Reply: Michiel Buddingh': "Re: content rather than key?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Kai" <nospamkai@webmail.co.za> Date: Wed, 5 Mar 2003 17:58:36 +0200
"Michiel Buddingh'" <michiel@nospam.com> wrote in message
news:pan.2003.03.05.16.45.48.346022@nospam.com...
> On Wed, 05 Mar 2003 17:00:49 +0200, Kai wrote:
>
> > ... let's see, say an intelligent program can associate more
> > information with the key than the content. My first example
> > was very limited ...
> >
> > say someone uses
> > 'pirate' as a key.
> >
> > the intelligent program would expand this to something like
> >
> > 'ship' 'flag' 'island' 'treasure' 'ocean' 'sword' '1600'
> >
> > now we have a long key
> >
> > shipflagislandtreasureoceanswordseventeenthcentury
> >
> > would that not improve entropy?
>
> IANAC (I am not a cryptographer)
>
> I don't think so. For such an algorithm to work, you'd have to
> choose those words from a limited set, in a predictable manner.
> Furthermore, you'd have to limit the possible input passwords
> as well..
>
> So it would be possible for someone to write an algorithm that
> would simply loop through all the possible passwords, find its
> associated words, and try them.
>
> In short, it would increase the entropy of a string in the same
> way that multiplying by 1000 increases the entropy of a number,
> namely not.
>
> You _could_ choose the words in a random order, and let the de-
> cryption algorithm try all possible combinations of the associated
> words.
>
> This would be comparable to adding a few random bits to the end of
> a number, so I guess that _would_ increase entropy (since the algorithm
> pulls entropy from the (P)RNG used to randomize the sequence, that
> doesn't violate Eivind's assertion).
>
> Given a sufficiently large network of words, and given enough randomness,
> I think such a function _could_ increase the security of `natural'
> passwords, perhaps to a level that brute force attacks become too tedious
> for anyone to bother.
>
> However, such a function would be very slow, especially on decryption,
> and there are easier ways of throwing randomness into an algorithm.
>
> IANAC
>
> > Someone flamed me for the word 'organcially' ... this is what
> > I meant. Obviously this is very simple. you can take it extremely
> > far. Imagine the possibilities to enhance entropy by linking.
> >
> > I guess this must be very stupid.
>
> It doesn't seem stupid to me. Then again, I'm not a cryptographer.
> --
>
> -- michiel
>
I think you got the idea, and successfully showed me what's wrong with it.
You need powerful machines to do the work and huge databases or sources
of information to increase the total number of options.
something in the line of:
cat
... the scientific name of cats or even their dna ... or something?
but the end product would really complicate decrypting or cracking ...?
Kai
- Next message: Kai: "Re: ... challenge?"
- Previous message: Stefan Katzenbeisser: "Re: Koblitz Factor Base Example"
- In reply to: Michiel Buddingh': "Re: content rather than key?"
- Next in thread: Robert van der Meulen: "Re: content rather than key?"
- Reply: Robert van der Meulen: "Re: content rather than key?"
- Reply: Michiel Buddingh': "Re: content rather than key?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
