Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C (cloth)
(Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96
And remember, computing power doubles every 18 months. If you expect your keys to stand up against brute-force attacks for 10 years, you’d better plan accordingly.

Poor Key Choices

When people choose their own keys, they generally choose poor ones. They’re far more likely to choose “Barney” than “*9 (hH/A.” This is not always due to poor security practices; “Barney” is easier to remember than “*9 (hH/A.” The world’s most secure algorithm won’t help much if the users habitually choose their spouse’s names for keys or write their keys on little pieces of paper in their wallets.

A smart brute-force attack doesn’t try all possible keys in numerical order; it tries the obvious keys first. This is called a dictionary attack, because the attacker uses a dictionary of common keys. Daniel Klein was able to crack 40 percent of the passwords on the average computer using this system [847,848]. No, he didn’t try one password after another, trying to login. He copied the encrypted password file and mounted the attack offline. Here’s what he tried:

1. The user’s name, initials, account name, and other relevant personal information as a possible password. All in all, up to 130 different passwords were tried based on this information. For an account name klone with a user named “Daniel V. Klein,” some of the passwords that would be tried were: klone, klone0, klone1, klone123, dvk, dvkdvk, dklein, DKlein, leinad, nielk, dvklein, danielk, DvkkvD, DANIEL-KLEIN, (klone), KleinD, and so on.

2. Words from various databases. These included lists of men’s and women’s names (some 16,000 in all); places (including variations so that “spain,” “spanish,” and “spa...
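
The first category of guesses can be turned into a check that runs when a user sets a password. The following Python check is an added example, not code from the book: it rejects a proposed password that reduces to one of the personal-information variations listed above. The function names are hypothetical, and it covers only category 1, not the word lists.

```python
import re

def personal_candidates(account, full_name):
    """Build the personal-information base words the passage lists for one user."""
    parts = [p.strip(".").lower() for p in full_name.split()]
    if not parts:
        return {account.lower(), account.lower()[::-1]}
    first, last = parts[0], parts[-1]
    initials = "".join(p[0] for p in parts)
    base = {
        account.lower(), first, last, initials,
        initials * 2,                # dvkdvk
        first[0] + last,             # dklein
        initials + last[1:],         # dvklein
        first + last[0],             # danielk
        last + first[0],             # kleind
        initials + initials[::-1],   # dvkkvd
        first + last,                # danielklein (DANIEL-KLEIN once folded)
        "".join(parts),              # danielvklein
    }
    # Reversed forms: leinad, nielk, ...
    return base | {word[::-1] for word in base}

def normalize(password):
    """Fold case and drop digits and punctuation, so klone123, (klone) and
    DANIEL-KLEIN all reduce to a bare base word."""
    return re.sub(r"[^a-z]", "", password.lower())

def is_personal_guess(password, account, full_name):
    """True if the proposed password is a variation of the user's own
    account name, name or initials and should be refused."""
    folded = normalize(password)
    return bool(folded) and folded in personal_candidates(account, full_name)

if __name__ == "__main__":
    # Sample input taken from the passage's own example user.
    for pw in ["klone123", "DvkkvD", "(klone)", "*9 (hH/A"]:
        verdict = "reject" if is_personal_guess(pw, "klone", "Daniel V. Klein") else "pass"
        print(f"{pw!r}: {verdict}")
```

A password that passes this check can still be weak: “Barney” is not derived from this user’s details and would have to be caught by a dictionary check instead.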