In message <[EMAIL PROTECTED]>, Sampo Syreeni writes: >On Thu, 17 Jan 2002, Steven M. Bellovin wrote: > >>For one thing, in Hebrew (and, I think, Arabic) vowels are not normally >>written. > >If something, this would lead me to believe there is less redundancy in >what *is* written, and so less possibility for a dictionary attack. > >>Also, there are a few Hebrew letters which have different forms when >>they're the final letter in a word -- my understanding is that there are >>more Arabic letters that have a different final form, and that some have >>up to four forms: one initial, two middle, and one final. > >At least Unicode codes these as the same codepoint, and treats the >different forms as glyph variants. Normalizing for these before the attack >shouldn't be a big deal. > >>Finally, Hebrew (and, as someone else mentioned, Arabic) verbs have a >>three-letter root form; many nouns are derived from this root. > >This would facilitate the attack, especially if the root form is all that >is written -- it would lead us expect shorter passwords and a densely >populated search space, with less possibility for easy variations like >punctuation. >
Right -- there are factors pushing in both directions, and I don't know how it balances. Your mention of Unicode, though, brings up another point: the encoding that's used can matter, too. If UCS-2 or UCS-4 (16 and 31-bit encodings) are used, I believe that there are many constant bits per character. Even UTF-8 would have that effect. --Steve Bellovin, http://www.research.att.com/~smb Full text of "Firewalls" book now at http://www.wilyhacker.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]