<nettime> "Pirate Utopia," FEED, February 20, 2001

David Honig honig at sprynet.com
Mon Sep 24 20:14:53 EDT 2001


At 11:44 AM 9/24/01 -0700, Ray Dillinger wrote:
>
>Actually, dictionary attacks reveal about sixty percent of passwords, 
>so for every six passwords you find on a dictionary attack, you can 
>infer ten actual stegotexts times the ratio between your analyzed and 
>discovered (possibly-false) positives.  
>
>While he has analyzed only two percent of his sample, that's a sufficient 
>number that if even even a tenth of one percent of his positives were 
>real he'd have discovered at least a few passwords. 
>
>The paper is solid statistical methods; lack of any dictionary-yeilding 
>passwords in that big a sample is very strong evidence that the sample 
>is overwhelmingly made up of false positives.
>
>				Bear

That's an excellent point, but: if you were smart enough to use stego
for real, wouldn't you be smart enough to pick a good password? 





 






  







---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list