[10201] in cryptography@c2.net mail archive
Re: password-cracking by journalists...
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sun Jan 20 11:36:29 2002
From: "Steven M. Bellovin" <smb@research.att.com>
To: Sampo Syreeni <decoy@iki.fi>
Cc: "Arnold G. Reinhold" <reinhold@world.std.com>,
cryptography@wasabisystems.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 19 Jan 2002 19:38:02 -0500
Message-Id: <20020120003802.A53F27B4B@berkshire.research.att.com>
In message <Pine.SOL.4.30.0201200101340.17593-100000@kruuna.Helsinki.FI>, Sampo
Syreeni writes:
>On Thu, 17 Jan 2002, Steven M. Bellovin wrote:
>
>>For one thing, in Hebrew (and, I think, Arabic) vowels are not normally
>>written.
>
>If anything, this would lead me to believe there is less redundancy in
>what *is* written, and so less possibility for a dictionary attack.
>
>>Also, there are a few Hebrew letters which have different forms when
>>they're the final letter in a word -- my understanding is that there are
>>more Arabic letters that have a different final form, and that some have
>>up to four forms: one initial, two middle, and one final.
>
>At least Unicode codes these as the same codepoint, and treats the
>different forms as glyph variants. Normalizing for these before the attack
>shouldn't be a big deal.
>
>>Finally, Hebrew (and, as someone else mentioned, Arabic) verbs have a
>>three-letter root form; many nouns are derived from this root.
>
>This would facilitate the attack, especially if the root form is all that
>is written -- it would lead us to expect shorter passwords and a densely
>populated search space, with less possibility for easy variations like
>punctuation.
>
Right -- there are factors pushing in both directions, and I don't know
how it balances.

Your mention of Unicode, though, brings up another point: the encoding
that's used can matter, too. If UCS-2 or UCS-4 (16 and 31-bit
encodings) are used, I believe that there are many constant bits per
character. Even UTF-8 would have that effect.

--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
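
Added example, not part of the original message: a Python sketch that counts how many bit positions are identical in the encoding of every letter of the Hebrew block U+05D0..U+05EA, which is the "constant bits per character" effect the message describes. It assumes Python's `utf-16-be` and `utf-32-be` codecs as stand-ins for UCS-2 and UCS-4 (they produce the same bytes for these code points); the function names are illustrative.

```python
import math

# Hebrew letters alef..tav, including the five final forms (U+05D0..U+05EA).
HEBREW = [chr(cp) for cp in range(0x05D0, 0x05EB)]

# Assumption: utf-16-be / utf-32-be stand in for UCS-2 / UCS-4, which is
# byte-identical for code points in the Basic Multilingual Plane.
CODECS = (("UTF-8", "utf-8"), ("UCS-2", "utf-16-be"), ("UCS-4", "utf-32-be"))


def constant_bits(chars, codec):
    """Return (constant, total) bit counts per encoded character.

    A bit position is constant when it has the same value in the encoding
    of every character in `chars`. All characters must encode to the same
    number of bytes, otherwise positions cannot be compared.
    """
    encoded = [c.encode(codec) for c in chars]
    widths = {len(e) for e in encoded}
    if len(widths) != 1:
        raise ValueError("characters encode to different lengths")
    total = widths.pop() * 8
    and_acc, or_acc = (1 << total) - 1, 0
    for e in encoded:
        value = int.from_bytes(e, "big")
        and_acc &= value   # bits set in every encoding
        or_acc |= value    # bits set in at least one encoding
    varying = and_acc ^ or_acc  # set in some encodings but not all
    return total - bin(varying).count("1"), total


def report(chars):
    """Constant-bit counts for each codec, as (label, constant, total)."""
    return [(label, *constant_bits(chars, codec)) for label, codec in CODECS]


if __name__ == "__main__":
    n = len(HEBREW)
    print(f"{n} letters, {math.log2(n):.2f} bits/char if chosen uniformly")
    for label, const, total in report(HEBREW):
        print(f"{label}: {const} of {total} bits are constant")
```

The count is taken over the whole letter block, so it is an upper bound on the bits that can vary for any password drawn from those letters.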