Length of passphrase beneficial?
-----BEGIN PGP SIGNED MESSAGE----- Feel free to skip to 'Actual Question:' below. I am one to succumb to the assumed benefits of overkill. I like the fact that everyone's use of crypto can cause each individual transmission to become less suspicious to prying eyes. I would love knowing that the govt. spent billions of CPU cycles on one of my transmissions only to find my softball schedule. We could lure them by making our subject lines 'Fertilizer-Bomb Recipe' or 'CHILDPORN.GIF Attached', not condoning either, of course. I have a 2048-bit PgP key and pseudorandom a/n character generator, from which I chose a large passphrase similar to: f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne (Yes, cut-n-paste, but my only in-house threat is my wife.) Actual Question: Does the length and randomness of a passphrase contribute at all to the overall security of a cryptosystem? Thanks in advance! -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQEVAwUBMfJn0HychImXHmeJAQFpeQf/cLkFsELVEOquVseK7m6Ze+R1zFzkrM8G T8M4NTdoOALSQKY5Xjj/YHPt9iGY28U5FAPJt/v77YFsewiLxskcJn5fd6G2wX2j gneSXat0ExIMdLkUuIFDZl2tUny7bBgj2AimIK2Pd0BVlYT8RXPaDhpeWjmHKZpg vbZaS4yuSSFBy8oucfjO7ivShcraRwIG0Rq6/GCXuhT6Oi0EOaCUWJ+ofYVSqMkb Jsz9ElMVVVFc+caPwYn5mSVy8Xj3u9UxKOPPoXOpEpJ3gGPsuoiemcwcB/F1VQ34 +uC1YtdndAAu5jRU5JCWYbqYA+BiWY4K/vl9jaJ29BKjLiVfKrU+wA== =W00K -----END PGP SIGNATURE----- vagab0nd@sd.cybernex.net http://ww2.sd.cybernex.net/~vagab0nd/index.html Visit web page for public key.
On Sun, 21 Jul 1996, Erle Greer wrote: [snip]
I have a 2048-bit PgP key and pseudorandom a/n character generator, from which I chose a large passphrase similar to:
f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne (Yes, cut-n-paste, but my only in-house threat is my wife.)
Ugh. Erle, you might want to check out the Diceware method for generating passphrases. It lets you generate a lengthy passphrase that is random and that you might actually be able to remember :) I don't have a URL handy, but if you go to Altavista and search for "diceware" you should find it... It might be indexed at Yahoo, too...
Actual Question: Does the length and randomness of a passphrase contribute at all to the overall security of a cryptosystem?
Actual short answer: yes :) Look for the passphrase FAQ, for a better explanation than I can give... ______________________________________________________________________ Rich Burroughs richieb@teleport.com http://www.teleport.com/~richieb See my Blue Ribbon Page at http://www.teleport.com/~richieb/blueribbon New EF zine "cause for alarm" - http://www.teleport.com/~richieb/cause
Rich Burroughs <richieb@teleport.com> wrote:
Actual Question: Does the length and randomness of a passphrase contribute at all to the overall security of a cryptosystem?
Actual short answer: yes :) Answer in his particular case, however: no -- Paul Foley <mycroft@actrix.gen.nz> --- PGPmail preferred PGP key ID 0x1CA3386D available from keyservers fingerprint = 4A 76 83 D8 99 BC ED 33 C5 02 81 C9 BF 7A 91 E8 ---------------------------------------------------------------------- A bird in the bush usually has a friend in there with him.
Erle Greer writes:
I have a 2048-bit PgP key and pseudorandom a/n character generator, from which I chose a large passphrase similar to:
f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne (Yes, cut-n-paste, but my only in-house threat is my wife.)
Actual Question: Does the length and randomness of a passphrase contribute at all to the overall security of a cryptosystem?
The passphrase only does one thing for you, which is protect your keyring in case someone gets it. Since you keep the passphrase on line, you are actually less secure than if you used a memorable phrase. BTW, since the passphrase is used to hash into an IDEA key, more than 128 bits of input entropy would be wasted. Perry
Erle Greer wrote: | f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne | (Yes, cut-n-paste, but my only in-house threat is my wife.) | | Actual Question: | Does the length and randomness of a passphrase contribute at all | to the overall security of a cryptosystem? Not directly. The SECRECY of a passphrase does contribute. If you do not provide it to your attacker (in the form of a file on your computer which a Microsoft Worm macro carried in a message might send out, that the search party might find, etc), then the length and difficulty of guessing protect you. For random text (I'll assume you're rolling dice) like that, figure you get about 5 bits of entropy per character. Your PGP secret key is IDEA encrypted with a 128 bit key, so you don't need any more than 30 characters of random text to get a passphrase space (or universe, to use Tim's metaphor) thats harder to search than the keyspace. I think its a poor assumption that your home won't be searched if you're doing something that makes you want a 2048 bit key. A thousand bits of keylength should be good enough for most things that don't need to stay secret more than 5-10 years. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
participants (5)
-
Adam Shostack -
Erle Greer -
Paul Foley -
Perry E. Metzger -
Rich Burroughs