[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Length of passphrase beneficial?
At 02:51 PM 7/21/96 -0400, you wrote:
>
>Erle Greer writes:
>> I have a 2048-bit PgP key and pseudorandom a/n character
>> generator, from which I chose a large passphrase similar to:
>>
>> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
>> (Yes, cut-n-paste, but my only in-house threat is my wife.)
>>
>> Actual Question:
>> Does the length and randomness of a passphrase contribute at all
>> to the overall security of a cryptosystem?
>
>The passphrase only does one thing for you, which is protect your
>keyring in case someone gets it. Since you keep the passphrase on
>line, you are actually less secure than if you used a memorable
>phrase.
>
>BTW, since the passphrase is used to hash into an IDEA key, more than
>128 bits of input entropy would be wasted.
>
>Perry
>
Good point. Another bad thing about keeping the passphrase on-line is
that I would have to trasport the passphrase on floppy if I required
portability. Depending on how important my information may be, I
could possible be carrying my whole life on a floppy. I see now that
it is better to just memorize a phrase.
Thanks!
[email protected]
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.