[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Password Difficulties



	 I suspect that Kent is right that most pass phrases don't have
	 over 50 or 60 bits of entropy, far below the 128 bits of
	 protection that we like to think IDEA is giving us.

There's an interesting issue here:  is it feasible to construct an
enumeration based on the 50-60 bits of information?  If not, the
protection is rather stronger in a practical sense.  But if one can
generate a reasonably comprehensive enumeration, then an enemy who
can brute-force (say) a 56-bit key could attack a PGP keyring as well.

It should be more or less obvious to this group, but it bears repeating
anyway.  The number of possible keys sets an upper bound on the
difficulty of attacking a system; it says nothing about the lower bound.
(Proof:  a monoalphabetic substitution on English has 26! possible keys,
which is about 88 or 89 bits.  But solutions are extremely trivial.)
Passphrases aren't 128 bits -- but they may be quite strong nevertheless.