brian@digi-g.UUCP (Brian Westley) (08/22/84)
Why not just use the name of a scroll in rogue? 'bieurdan pluviv elmon'
smh@mit-eddie.UUCP (Steven M. Haflich) (08/25/84)
brian@digi-g.UUCP suggests: Why not just use the name of a scroll in rogue? 'bieurdan pluviv elmon' This would be a poor idea because the Rogue scroll names are selected from a *small* repertory of syllables, and consequently there is a fairly small domain of possible names -- perhaps numbering only in the thousands. Passwords work because it takes a significant amount of time for a computer to encrypt the cleartext before the result can be compared against the public (/etc/passwd) encryption. The domain of possible cleartext passwords must be sufficiently huge so that exhaustive search is prohibitive. Most non-high-tech approaches to password cracking narrow the search space in hope that some passwords selected by users will be found in the smaller domain -- e.g., common names, or an English dictionary. You must assume crackers will know the algorithm which selects machine-assigned passwords, and hence its output range, you must ensure that the range is huge, and its operation impossible to analyze. For example, selection algorithms which depend in some way upon clock time fail because a cracker can learn via lastcomm approximately when the password was selected, greatly narrowing the range to be searched. Steve Haflich, MIT