[unisog] [Fwd: Is the current password std flawed?]
T. Charles Yun
tcyun at internet2.edu
Fri Feb 25 06:28:11 GMT 2005
A while ago, I was doing some work on entropy in text that used a Perl
script found online based on Claude Shannon's work. Shannon determined
a (set of) formulas and processes that allowed for the analysis of
entropy in the English language.
If you are interested in a more thorough mathematical analysis, I suspect
that Google can help with terms such as "Shannon entropy password perl" etc.
Harry Hoffman wrote:
> We are having a similar discussion regarding the programs that
> auto-generate easily typed passwords and whether or not it would be
> easier to brute force those passwords based upon key locations and how
> most people type.
> I'm interested to see what you come up with. Are you planning on doing
> any tests to verify this?
> Russell Fulton wrote:
>> Hmmm.... from my manager. What do you think?
>> I'll post my ideas on this tomorrow.
>> -------- Forwarded Message --------
>> From: Stephen Taylor (ITSS) <stay091 at vxchange.vcr.auckland.ac.nz>
>> To: Russell Fulton <rful011 at vxchange.vcr.auckland.ac.nz>, Bojan Zdrnja
>> <b.zdrnja at auckland.ac.nz>
>> Subject: Is the current password std flawed?
>> Date: Fri, 25 Feb 2005 13:42:51 +1300
>> As part of my discussion with CS re NetAccount v 2 enhancements we
>> looked at the UoA Password Std.
>> The following comments were made by CS.
>> By asking that all passwords must have a numeric and a special character
>> we are making it easier for cracking tools because we have effectively
>> reduced the "pool" of possible password combinations; e.g. no need to
>> check for a password such as "gHsrYBoZ" as this would be rejected as not
>> Similarly by not allowing all numerics such as "33892536".
T. Charles Yun tcyun internet2 edu
Internet2 1000 Oakbrook, Ann Arbor, Michigan 48108
Program Manager Sciences, Engineering and Security
desk,cell,fax 734.352.4960, 734.730.3300, 734.913.4255
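
The "reduced pool" question raised in the forwarded message can be put in numbers. The following is an added example, not part of the original thread: it counts how many passwords survive a rule requiring at least one numeric and one special character, using inclusion-exclusion. The 94-character printable ASCII alphabet, the length of 8 (taken from the two sample passwords in the message) and uniformly random selection are assumptions.

```python
import math
from itertools import combinations, product

# Assumed alphabet: the 94 printable ASCII characters, space excluded.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "special": 32}

def policy_count(length, classes, required):
    """Count passwords of `length` that contain at least one character from
    every class in `required` (inclusion-exclusion over the missing classes)."""
    total = sum(classes.values())
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            remaining = total - sum(classes[c] for c in missing)
            count += (-1) ** k * remaining ** length
    return count

def bits_lost(length, classes, required):
    """Search-space reduction, in bits, caused by the composition rule."""
    full = sum(classes.values()) ** length
    return math.log2(full / policy_count(length, classes, required))

def brute_force(length, alphabets, required):
    """Exhaustive cross-check of policy_count; only usable on tiny alphabets."""
    chars = "".join(alphabets.values())
    return sum(
        all(any(ch in alphabets[c] for ch in pw) for c in required)
        for pw in product(chars, repeat=length)
    )

if __name__ == "__main__":
    rule = ["digit", "special"]          # the rule quoted in the message
    full = sum(CLASSES.values()) ** 8
    allowed = policy_count(8, CLASSES, rule)
    print(f"all 8-char passwords : {full:.3e}")
    print(f"allowed by the rule  : {allowed:.3e} ({allowed / full:.1%})")
    print(f"bits lost            : {bits_lost(8, CLASSES, rule):.2f}")
    print(f"all-numeric excluded : {10 ** 8:.3e}")
```

The figures apply only to passwords drawn uniformly at random; they say nothing about how the same rule shifts the choices people make by hand.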