
Re: FCPUNX:Passphrase entropy



At 12:04 PM 4/18/97 -0700, Steve Schear wrote:
> If this is true then how much passphrase entropy is enough to thwart, 
> for example, an NSA crack attempt?  Seems to me it needs to be equal 
> to or greater than the encryption key. What are some good, practical 
> ways of achieving this?

Long keys or random keys.

Suppose you need 80 bits of entropy.

If your passphrase is truly random, for example
        9kDt3fagWxglr
You have about six bits a character, so you only need 
thirteen characters.

If, however, your pass phrase is an intelligible English
sentence, for example
        Wandering past Saint Ives, I saw many fine buildings covered in ivy across the road.
You only have about one bit per character, so you need an
eighty character sentence.

If your passphrase is a short intelligible English phrase,
as most of them are, it will succumb to a dictionary attack.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   [email protected]
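
The sizing rule in the message above, as an added example that is not part of the original post: it computes how many symbols reach a target entropy and draws a passphrase of that length from the operating system's CSPRNG. The 62-symbol alphanumeric alphabet and the function names are assumptions made for the example, and the per-symbol estimate only holds when every symbol is picked uniformly and independently.

```python
import math
import secrets
import string

# Assumed alphabet for this example: upper/lower-case letters and digits (62 symbols).
ALPHANUMERIC = string.ascii_letters + string.digits


def bits_per_symbol(alphabet_size: int) -> float:
    """Entropy per symbol when each symbol is chosen uniformly and independently."""
    if alphabet_size < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    return math.log2(alphabet_size)


def required_length(target_bits: float, per_symbol_bits: float) -> int:
    """Smallest symbol count whose total entropy is at least target_bits."""
    if per_symbol_bits <= 0:
        raise ValueError("per-symbol entropy must be positive")
    # Round up: 13 symbols at 6 bits each is 78 bits, so 80 bits takes 14.
    return math.ceil(target_bits / per_symbol_bits)


def random_passphrase(target_bits: int = 80, alphabet: str = ALPHANUMERIC) -> str:
    """Draw a passphrase with at least target_bits of entropy from the OS CSPRNG."""
    symbols = sorted(set(alphabet))  # duplicates would skew the entropy estimate
    length = required_length(target_bits, bits_per_symbol(len(symbols)))
    # secrets.choice is uniform over the sequence, unlike the seeded `random` module.
    return "".join(secrets.choice(symbols) for _ in range(length))


if __name__ == "__main__":
    per_char = bits_per_symbol(len(ALPHANUMERIC))
    print(f"alphanumeric: {per_char:.2f} bits/char, "
          f"{required_length(80, per_char)} chars for 80 bits")
    # The post's estimate for intelligible English: about one bit per character.
    print(f"English sentence: {required_length(80, 1.0)} chars for 80 bits")
    print("sample:", random_passphrase(80))
```
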