[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FCPUNX:Passphrase entropy

To: [email protected]
Subject: Re: FCPUNX:Passphrase entropy
From: [email protected]
Date: Fri, 18 Apr 1997 23:40:53 +0800
Sender: [email protected]

At 12:04 PM 4/18/97 -0700, Steve Schear wrote:
> If this is true then how much passphrase entropy is enough to thwart, 
> for example, an NSA crack attempt?  Seems to me it needs to be equal 
> to or greater than the encryption key. What are some good, practical 
> ways of achieving this?

Long keys or random keys.

Suppose you need 80 bits of entropy.

If your passphrase is truly random, for example
        9kDt3fagWxglr
You have about six bits a character, so you only need 
thirteen characters.

If, however, your pass phrase is an intelligible english 
sentence, for example
        Wandering past Saint Ives, I saw many fine buildings covered in ivy
across the road.
You only have about one bit per character, so you need an 
eighty character sentence.

If your passphrase is a short intelligible english phrase, 
as most of them are, it will succumb to a dictionary attack.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   [email protected]

Prev by Date: Re: SSL weakness affecting links from pa
Next by Date: commercial web remailer myemail.net
Prev by thread: Re: Light Bulbs & newsgroups
Next by thread: commercial web remailer myemail.net
Index(es):
- Date
- Thread