[unisog] [Fwd: Is the current password std flawed?]

T. Charles Yun tcyun at internet2.edu
Fri Feb 25 06:28:11 GMT 2005


A while ago, I was doing some work on entropy in text that used a perl 
script found online based on Claude Shannon's work.  Shannon determined 
a (set of) formulas and processes that allowed for the analysis of 
entropy in the english language.

If you are interested in a mor thorough mathematical analysis, I suspect 
that google can help with terms such as "Shannon entroy password perl" etc.

- Charles

Harry Hoffman wrote:
> Russell,
> 
> We are having a similar discussion regarding the programs that 
> auto-generate easily typed passwords and whether or not it would be 
> easier to brute force those passwords based upon key locations and how 
> most people type.
> 
> I'm interested to see what you come up with. Are you planning on doing 
> any tests to verify this?
> 
> 
> --Harry
> 
> 
> Russell Fulton wrote:
> 
>> Hmmm.... fro  my manager.  What do you think?
>>
>> I'll post my ideas on this tomorrow.
>>
>> Russell
>>
>> -------- Forwarded Message --------
>> From: Stephen Taylor (ITSS) <stay091 at vxchange.vcr.auckland.ac.nz>
>> To: Russell Fulton <rful011 at vxchange.vcr.auckland.ac.nz>, Bojan Zdrnja
>> <b.zdrnja at auckland.ac.nz>
>> Subject: Is the current password std flawed?
>> Date: Fri, 25 Feb 2005 13:42:51 +1300
>> As part of my discussion with CS re NetAccount v 2 enhancements we
>> looked at the UoA Password Std.
>>
>> The following comments were made by CS.
>>
>> By asking that all passwords must have a numeric and a special character
>> we are making it easier for cracking tools because we have effectively
>> reduced the "pool" of possible password combinations; e.g. no need to
>> check for a password such as "gHsrYBoZ" as this would be rejected as not
>> valid.
>>
>> Similarly by not allowing all numerics such as "33892536".
>>
> ...
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
> 
> 

-- 
   T. Charles Yun  tcyun internet2 edu
        Internet2  1000 Oakbrook, Ann Arbor, Michigan 48108
  Program Manager  Sciences, Engineering and Security
    desk,cell,fax  734.352.4960, 734.730.3300, 734.913.4255
              web  people.internet2.edu/~tcyun
    yahoo,msn,aim  tcharlesyun




More information about the unisog mailing list