At 12:04 PM 4/18/97 -0700, Steve Schear wrote:

If this is true then how much passphrase entropy is enough to thwart, for example, an NSA crack attempt? Seems to me it needs to be equal to or greater than the encryption key. What are some good, practical ways of achieving this?

Long keys or random keys. Suppose you need 80 bits of entropy. If your passphrase is truly random, for example 9kDt3fagWxglr You have about six bits a character, so you only need thirteen characters. If, however, your pass phrase is an intelligible english sentence, for example Wandering past Saint Ives, I saw many fine buildings covered in ivy across the road. You only have about one bit per character, so you need an eighty character sentence. If your passphrase is a short intelligible english phrase, as most of them are, it will succumb to a dictionary attack. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd@echeque.com