[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Length of passphrase beneficial?

To: [email protected], [email protected]
Subject: Re: Length of passphrase beneficial?
From: Erle Greer <[email protected]>
Date: Sun, 21 Jul 1996 14:08:41 -0500
Sender: [email protected]

At 02:51 PM 7/21/96 -0400, you wrote:
>
>Erle Greer writes:
>> I have a 2048-bit PgP key and pseudorandom a/n character
>> generator, from which I chose a large passphrase similar to:
>> 
>> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
>> (Yes, cut-n-paste, but my only in-house threat is my wife.)
>> 
>> Actual Question:
>> Does the length and randomness of a passphrase contribute at all
>> to the overall security of a cryptosystem?
>
>The passphrase only does one thing for you, which is protect your
>keyring in case someone gets it. Since you keep the passphrase on
>line, you are actually less secure than if you used a memorable
>phrase.
>
>BTW, since the passphrase is used to hash into an IDEA key, more than
>128 bits of input entropy would be wasted.
>
>Perry
>
Good point.  Another bad thing about keeping the passphrase on-line is
that I would have to trasport the passphrase on floppy if I required
portability.  Depending on how important my information may be, I
could possible be carrying my whole life on a floppy.  I see now that
it is better to just memorize a phrase.

Thanks!
[email protected]
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.

Prev by Date: Re: Netscape 3.0B US version MD5 (was: Re: overseas PGPfone and Netscape)
Next by Date: Re: Responding to Pre-dawn Unannounced Ninja Raids
Prev by thread: Re: Length of passphrase beneficial?
Next by thread: Re: Length of passphrase beneficial?
Index(es):
- Date
- Thread