<nettime> "Pirate Utopia," FEED, February 20, 2001
David Honig
honig at sprynet.com
Mon Sep 24 20:14:53 EDT 2001
At 11:44 AM 9/24/01 -0700, Ray Dillinger wrote:
>
>Actually, dictionary attacks reveal about sixty percent of passwords,
>so for every six passwords you find on a dictionary attack, you can
>infer ten actual stegotexts times the ratio between your analyzed and
>discovered (possibly-false) positives.
>
>While he has analyzed only two percent of his sample, that's a sufficient
>number that if even even a tenth of one percent of his positives were
>real he'd have discovered at least a few passwords.
>
>The paper is solid statistical methods; lack of any dictionary-yeilding
>passwords in that big a sample is very strong evidence that the sample
>is overwhelmingly made up of false positives.
>
> Bear
That's an excellent point, but: if you were smart enough to use stego
for real, wouldn't you be smart enough to pick a good password?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list