Norbert Bollow writes:
> Hmm... I have 2236 four-letter words in my /usr/dict/words. If two of
> them are chosen independently, that gives 2236^2 or roughly 5 million
> possibilities.

My dictionaries, used by crack, contain all of those four-letter words, and
many more besides. Crack can break such a password in about 30 seconds on
a modern machine. In other words, it is *USELESS* if you want any kind of
security. Worse, because it appears good to the novice, such algorithms
gain the reputation of being strong schemes. Such schemes are about as
useful as the XOR cypher that every novice crypto-weenie "discovers".

If you want to do it right, use a good pseudorandom number generator, such
as the one in PGP (including the randseed.bin file), modulo typable
characters, to generate passwords. This is not much different from what Mj
does now. The big difference is the randomness of the session keys.

Of course, if you really want to go down that road, Mj could use PGP
directly, using digital signatures for authentication. That has the
benefit of moving security and authentication entirely out of Majordomo
proper to a tool that is designed for it.
--
Rich Pieri <rich.pieri@prescienttech.com> / If Happy Fun Ball begins to smoke,
Sysmonster, Unix Wrangler / get away immediately. Seek shelter
Prescient Technologies, Inc. / and cover head.
I speak for myself, not PTI or SWEC /
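
The keyspace comparison in this message, worked through as an added example that is not part of the original post and is not Majordomo's or PGP's code. It assumes Python's `secrets` module (the operating system CSPRNG) in place of PGP's generator, a 94-symbol typable alphabet, and rejection sampling instead of a plain modulo so that no character is favoured; all function names are hypothetical.

```python
import math
import secrets
import string

# Assumption: "typable characters" = printable ASCII without whitespace (94 symbols).
TYPABLE = string.ascii_letters + string.digits + string.punctuation


def random_password(length=10, alphabet=TYPABLE):
    """Build a password from CSPRNG bytes mapped onto the alphabet.

    A plain `byte % n` favours the first 256 % n symbols, so any byte at or
    above the largest multiple of n is discarded and another one is drawn.
    """
    n = len(alphabet)
    limit = 256 - (256 % n)
    out = []
    while len(out) < length:
        for b in secrets.token_bytes(length):
            if b < limit and len(out) < length:
                out.append(alphabet[b % n])
    return "".join(out)


def keyspace_bits(symbols, length):
    """Bits of entropy when `length` symbols are chosen uniformly and independently."""
    return length * math.log2(symbols)


def two_word_bits(words=2236):
    """Entropy of the quoted scheme: two independent picks from 2236 words."""
    return keyspace_bits(words, 2)


def length_to_match(bits, symbols=len(TYPABLE)):
    """Smallest number of random typable characters with at least `bits` of entropy."""
    return math.ceil(bits / math.log2(symbols))


if __name__ == "__main__":
    print("two-word scheme:      %.1f bits" % two_word_bits())
    print("8 random typable:     %.1f bits" % keyspace_bits(len(TYPABLE), 8))
    print("chars to match words: %d" % length_to_match(two_word_bits()))
    print("sample password:      %s" % random_password())
```
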