Wednesday, November 10, 2004


Another interesting open source project. ddv
WordPress > Home
WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. What a mouthful. WordPress is both free and priceless at the same time.

Thursday, November 04, 2004

The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3

Pass phrases are coming into vogue for a number of reasons, one being the development of tools that can crack many passwords in minutes. These tools are not new. Quakenbush Password Appraiser could do this in 1998. What is new is the theory and practice behind the space-time tradeoff, advanced by Dr. Philippe Oechslin. The time-space tradeoff means that you do not store all possible hashes, which would require more storage than exists in the universe (if you try to store NT hashes). Storing all the NT hashes up to 14 characters for the 76-character character set would require 5,652,897,009 exabytes of storage, which exceeds the capacity of any file system today. Storing all the LM hashes, which only requires 310 terabytes, is still infeasible. To solve this dilemma, Dr. Oechslin came up with a time-space tradeoff where you only store a portion of the hash and its associated passwords. This drastically cuts storage requirements, and with only 17 gigabytes of storage, you can store the LM hashes for the same character set. As we shall see, one of the primary arguments for pass phrases is that they make the storage requirements prohibitive and break the pre-computed hash attacks.
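
To make the storage argument in the excerpt above concrete, here is an added example (not code from the quoted article or from this blog) of a simplified chain table: it keeps only each chain's start and endpoint and recomputes the interior on lookup. The three-letter keyspace, MD5 as a stand-in hash, and all function names are assumptions made for illustration.

```python
import hashlib
from itertools import product

CHARSET = "abcdefghijklmnopqrstuvwxyz"   # constructed toy character set
LENGTH = 3                                # 26**3 = 17,576 candidate passwords
CHAIN_LEN = 50                            # hash/reduce steps per chain
SPACE = len(CHARSET) ** LENGTH

def h(pw):
    # MD5 is a stand-in for the unsalted hashes the article discusses
    return hashlib.md5(pw.encode()).digest()

def reduce_to_pw(digest, col):
    # Map a digest back into the password space; col varies the mapping per step
    n = (int.from_bytes(digest[:8], "big") + col) % SPACE
    out = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(CHARSET))
        out.append(CHARSET[r])
    return "".join(out)

def walk(pw, start_col):
    # Follow a chain from column start_col to its endpoint
    for col in range(start_col, CHAIN_LEN):
        pw = reduce_to_pw(h(pw), col)
    return pw

def build_table(starts):
    # Store only endpoint -> start points; chain interiors are thrown away
    table = {}
    for s in starts:
        table.setdefault(walk(s, 0), []).append(s)
    return table

def lookup(table, target):
    # Guess the column the target hash sits in, finish the chain from there,
    # and replay any stored chain that ends at the same endpoint
    for col in range(CHAIN_LEN - 1, -1, -1):
        end = walk(reduce_to_pw(target, col), col + 1)
        for pw in table.get(end, []):
            for c in range(col):
                pw = reduce_to_pw(h(pw), c)
            if h(pw) == target:
                return pw
    return None

if __name__ == "__main__":
    every = ["".join(t) for t in product(CHARSET, repeat=LENGTH)]
    table = build_table(every[::25])
    print(len(table), "stored endpoints for", SPACE, "candidates")
    print(lookup(table, h(every[25])))
```

Raising `LENGTH` or widening `CHARSET` grows `SPACE`, and with it the number of chains and the precomputation needed for the same coverage, which is the effect the pass-phrase argument relies on.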


The Great Debates: Pass Phrases vs. Passwords. Part 1 of 3

Excellent, technical article on the dynamics of security relative to a password. ddv

Information security fosters some interesting debates. The issues range in importance, but they all demonstrate that the field is still growing and exciting. I would like to summarize some of these debates, and offer my own partial entries. For the first set of these articles, I will enter the passwords fray and address the issue of pass phrases versus passwords.

OK, maybe “pass phrases versus passwords” is really “the other great debate” or the “kind of boring and few people care” debate. In any case, which is more secure, pass phrases or passwords? The answer is not as clear-cut as it may seem.