At 02:51 PM 7/21/96 -0400, you wrote:
Erle Greer writes:
I have a 2048-bit PgP key and pseudorandom a/n character generator, from which I chose a large passphrase similar to:
f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne (Yes, cut-n-paste, but my only in-house threat is my wife.)
Actual Question: Does the length and randomness of a passphrase contribute at all to the overall security of a cryptosystem?
The passphrase only does one thing for you, which is protect your keyring in case someone gets it. Since you keep the passphrase on line, you are actually less secure than if you used a memorable phrase.
BTW, since the passphrase is used to hash into an IDEA key, more than 128 bits of input entropy would be wasted.
Perry
Good point. Another bad thing about keeping the passphrase on-line is that I would have to trasport the passphrase on floppy if I required portability. Depending on how important my information may be, I could possible be carrying my whole life on a floppy. I see now that it is better to just memorize a phrase. Thanks! vagab0nd@sd.cybernex.net http://ww2.sd.cybernex.net/~vagab0nd/index.html Visit web page for public key.