Re: AW: ADS Password Storage Protection

[Joe Barr <joe () pjprimer com>]

On Thu, 2006-07-20 at 08:25 +0200,
Christian.Assfalg () bc boehringer-ingelheim com wrote:
> What you say is true, length increases the maximum number of possible
> passwords far more than a greater number of base characters. That is
> statistical mathematics. However, it assumes that the characters are
> not dependant on the other characters, which is not always the case.
> That's why dictionary attacks work so fine. You can substitute a
> number of characters (say 4) with all possible 4-character-long words.
> That reduces your complexity quite a bit. A passphrase of 8 words with
> 5 characters each does not translate to 24^40 possibilities, but
> rather to (whatever-the-number-of-5-character-words-in-english-is)^8.
> In a dictionary attack, you can use this to significantly reduce the
> number of tries you have to try.

I'm not following this.  A dictionary attack will be of no use against a
passphrase of 8 words, will it?


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------