[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Length of passphrase beneficial?

To: Erle Greer <[email protected]>
Subject: Re: Length of passphrase beneficial?
From: "Perry E. Metzger" <[email protected]>
Date: Sun, 21 Jul 1996 14:51:20 -0400
cc: [email protected]
In-reply-to: Your message of "Sun, 21 Jul 1996 12:26:15 CDT." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

Erle Greer writes:
> I have a 2048-bit PgP key and pseudorandom a/n character
> generator, from which I chose a large passphrase similar to:
> 
> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
> (Yes, cut-n-paste, but my only in-house threat is my wife.)
> 
> Actual Question:
> Does the length and randomness of a passphrase contribute at all
> to the overall security of a cryptosystem?

The passphrase only does one thing for you, which is protect your
keyring in case someone gets it. Since you keep the passphrase on
line, you are actually less secure than if you used a memorable
phrase.

BTW, since the passphrase is used to hash into an IDEA key, more than
128 bits of input entropy would be wasted.

Perry

References:
- Length of passphrase beneficial?
  - From: Erle Greer <[email protected]>

Prev by Date: Re: Netscape
Next by Date: Re: Filtering out Queers is OK
Prev by thread: Re: Length of passphrase beneficial?
Next by thread: Re: Length of passphrase beneficial?
Index(es):
- Date
- Thread