-----BEGIN PGP SIGNED MESSAGE-----
Norbert Bollow writes:
> Hmm... I have 2236 four-letter words in my /usr/dict/words. If two of
> them are chosen independently, that gives 2236^2 or roughly 5 million
My dictionaries, used by crack, contain all of those four-letter words, and
many more besides. Crack can break such a password in about 30 seconds on
a modern machine. In other words, it is *USELESS* if you want any kind of
security. Worse, because it appears good to the novice, such algorithms
gain the reputation of being strong schemes. Such schemes are about as
useful as the XOR cypher that every novice crypto-weenie "discovers".
If you want to do it right, use a good pseudorandom number generator, such
as the one in PGP (including the randseed.bin file), modulo typable
characters, to generate passwords. This is not much different from what Mj
does now. The big difference is the randomness of the session keys.
Of course, if you really want to go down that road, Mj could use PGP
directly, using digital signatures for authentication. That has the
benefit of moving security and authentication entirely out of Majordomo
proper to a tool that is designed for it.
-----BEGIN PGP SIGNATURE-----
Version: 4.0 Business Edition
-----END PGP SIGNATURE-----
Rich Pieri <email@example.com> / If Happy Fun Ball begins to smoke,
Sysmonster, Unix Wrangler / get away immediately. Seek shelter
Prescient Technologies, Inc. / and cover head.
I speak for myself, not PTI or SWEC /