Re: Passphrase generation
Internaut
Hi, I am wanting to learn how to generate a passphrase that is at least as strong as the IDEA algorithm. I have looked several other places on the web for an answer to this, but they all had different things to say that didn't add up (no pun intended :).
Check out the canonical passphrase FAQ:
http://www.stack.nl/~galactus/remailers/passphrase-faq.html

This one has some quick reminders of what to do and not to do:
http://www.encryption.com/pphrase.htm

Bottom line, totally random ASCII will have lots of bits per character, but English has about 1.2 bits per character. Misspellings can add to that, depending on the extent of mutilation. Combining certain words can make your passphrase weaker (such as "To be or not to be," "This is my passphrase," etc.).

HTH,
Jer

"standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole
You want to think about how someone attacks the passphrase.
Essentially, there are dictionary methods, where probable passphrases
are checked. These are enhanced by the use of changers, where the
word is modified in ways common to people changing passwords:
target
Target
targeT
target0
0target
target1
Crack, by Alec Muffett, produces on the order of 1000 derived words per
word it's given.
I use phrases of 30-90 pink elephants with some arbitrary pizzas tossed on
the floor.
Adam
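Added example, not part of either poster's message: a passphrase check that puts the thread's figures into bits, using IDEA's 128-bit key as the target, the 1.2 bits per character quoted for English, and the roughly 1000 derived words per dictionary word quoted for Crack. The sample dictionary, the 100,000-word dictionary size and all function names are assumptions made for illustration.

```python
import math

IDEA_KEY_BITS = 128                          # IDEA uses a 128-bit key
ENGLISH_BITS_PER_CHAR = 1.2                  # estimate quoted in the thread
RANDOM_ASCII_BITS_PER_CHAR = math.log2(95)   # 95 printable ASCII characters

SAMPLE_DICTIONARY = {"target", "password", "elephant"}  # constructed sample

def chars_needed(bits_per_char, target_bits=IDEA_KEY_BITS):
    """Minimum length so that length * bits_per_char >= target_bits."""
    return math.ceil(target_bits / bits_per_char)

def base_words(candidate):
    """Undo the simple changes listed in the thread (case changes, one digit
    added at either end) and return the possible underlying words."""
    forms = {candidate}
    if candidate[:1].isdigit():
        forms.add(candidate[1:])
    if candidate[-1:].isdigit():
        forms.add(candidate[:-1])
    return {form.lower() for form in forms if form}

def is_derived_from_dictionary(candidate, dictionary):
    """True if a dictionary run with those changers would reach candidate."""
    return not base_words(candidate).isdisjoint(dictionary)

def guess_space_bits(dictionary_size, derived_per_word=1000):
    """Bits of work to try every derived form of every dictionary word."""
    return math.log2(dictionary_size * derived_per_word)

if __name__ == "__main__":
    print("English text:  ", chars_needed(ENGLISH_BITS_PER_CHAR), "characters")
    print("Random ASCII:  ", chars_needed(RANDOM_ASCII_BITS_PER_CHAR), "characters")
    for word in ["target", "Target", "targeT", "target0", "0target", "xq7#Lm"]:
        verdict = "reject" if is_derived_from_dictionary(word, SAMPLE_DICTIONARY) else "ok"
        print(f"{word:10} {verdict}")
    # Assumed 100,000-word dictionary, 1000 derived forms per word.
    print(f"Single mutated word: about {guess_space_bits(100_000):.1f} bits")
```

The check covers only the changes shown in the list above; a real changer set such as Crack's is much larger, so an "ok" result here does not mean a candidate is strong.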