Mike Stay (staym@accessdata.com)
Fri, 28 Aug 1998 20:38:06 -0600
In an attempt to estimate the entropy of passwords & passphrases (Did
Shannon get it right when he said 1.5 to 3 bits per character? His
estimates were based on English text), we're trying to collect a LARGE
(50,000+) database of real passwords to classify them and order the
classes so as to have the best chance of breaking a password in a
reasonable amount of time. Right now we only have about 4000 (all
lowercase, unfortunately) and we crack 70% of them. We'd like to know
more about how users use capitalization and get a much bigger dataset.
One guy we spoke with suggested trying to get the sniffer logs of
arrested crackers (public evidence?). Any other suggestions? Anyone
willing to donate their own sniffer logs? (If so, please send them by
way of replay.com.)
Thanks!
-- Mike Stay Cryptographer / Programmer AccessData Corp. mailto:staym@accessdata.com
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:11:02