The case for PassPhrases#
Robert Hensing's blog post discusses the case for using pass phrases in leu of passWORDS.

Very interesting. There were some comments about how passphrases could be easily cracked, if you used all common words or a common phrase. I think salting your passphrase would eliminate this.

What I mean is "one small step for man" would be easy to crack, but "one small step for man!@#$" would not be easy.

I wrote Robert about this and he replied:
Oh I absolutely understand what you're talking about - I thought I had addressed this in my blog - maybe it was in subsequent posts or discussion - it was a while ago.

The net net is that the general consensus is that if everyone starts doing this we will of course see pass-phrase cracking tools pop-up that know about the English language and it will be optimized to try only certain word combinations which actually make sense and have a list of popular / common phrases.

To counter this - you are absolutely right - your 'salt' would probably work fine and force the cracker to go into hybrid mode (try each phrase / sentence with a small brute-force attack of characters on the end to catch people who just do !@#$ at the end etc.).

That's where punctuation, mis-spelling, and slang all come in handy. :) In the south we say 'ya'll' a lot - use that. Etc.
Categories:
Wednesday, March 09, 2005 1:30:52 PM (Central Standard Time, UTC-06:00) #    Comments [0]  | 

 

Name
E-mail
(will show your gravatar icon)
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):
All content © 2008, Christopher May, Inc
Open Job Positions
On this page
Google Ads
This site
Syndicate
Calendar
<November 2008>
SunMonTueWedThuFriSat
2627282930311
2345678
9101112131415
16171819202122
23242526272829
30123456
Archives
 Full Archives By Category
November, 2008 (3)
October, 2008 (11)
September, 2008 (5)
August, 2008 (1)
July, 2008 (15)
June, 2008 (14)
May, 2008 (2)
April, 2008 (6)
March, 2008 (12)
February, 2008 (7)
January, 2008 (10)
December, 2007 (2)
November, 2007 (13)
October, 2007 (10)
September, 2007 (6)
August, 2007 (4)
July, 2007 (12)
June, 2007 (25)
May, 2007 (19)
April, 2007 (14)
March, 2007 (18)
February, 2007 (18)
January, 2007 (20)
December, 2006 (18)
November, 2006 (22)
October, 2006 (12)
September, 2006 (16)
August, 2006 (15)
July, 2006 (13)
June, 2006 (8)
May, 2006 (18)
April, 2006 (53)
March, 2006 (13)
December, 2005 (5)
October, 2005 (1)
September, 2005 (23)
August, 2005 (20)
July, 2005 (18)
June, 2005 (19)
May, 2005 (15)
April, 2005 (32)
March, 2005 (22)
February, 2005 (6)
January, 2005 (12)
December, 2004 (13)
November, 2004 (6)
September, 2004 (3)
August, 2004 (4)
July, 2004 (10)
June, 2004 (10)
May, 2004 (29)
April, 2004 (20)
March, 2004 (16)
February, 2004 (10)
January, 2004 (20)
December, 2003 (20)
November, 2003 (12)
October, 2003 (17)
September, 2003 (35)
August, 2003 (17)
July, 2003 (32)
June, 2003 (27)
May, 2003 (14)
Sitemap
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Blogroll OPML
 Brad Abrams
 Clemens Vasters
 Don Box
 Harry Pierson
 Joshua Flanagan
 Omar Shahine
 Rob Howard
 Rocky Lhotka
 Scott Gu
 Scott Hanselman
 Tom Mertens
Disclaimer

Powered by: newtelligence dasBlog 1.9.6264.0

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

Send mail to the author(s) E-mail

Theme design by Jelle Druyts


Pick a theme: