jpb@gate.net writes:
I just pick a sentence and...If you feel paranoid...
Allow me to take back all I said about my difficulty in finding good passwords. I can make up plenty difficult passphrases, and I can even type them blindly. What worries me is that *others* will not be as wonderfully smart and clever as am I.

Most persons in the modern world already have to remember several "passwords", most of them being PINs. Large numbers of persons in the modern world also use some sort of computer that also requires a password. Many of these people are even allowed to choose their own passwords. The resulting security is *terrible*. People pick terrible passwords, just read one of the papers on dictionary attacks on /etc/passwd.

There are two general approaches to this problem:

1) Lecture on the importance of picking good passwords.
2) Slow down the testing of the poor passwords people do pick.

Wait, there is a third approach: ignore the problem! Pat ourselves on the back for choosing (and being able to type) passphrases with maybe 40-bits of entropy in them.

Sorry folks, the best way to make your 40-bits secure is to force the TLAs to crack *everyone's* keyrings, try to make them all a bit more secure.

It seems to me doing what we can to slow down the testing of passwords is a good idea. Of course keeping encrypted private keys out of circulation is a good idea, but that does not mean there is nothing else to be done.

-kb, the Kent who can get annoying

--
Kent Borg +1 (617) 776-6899
kentborg@world.std.com
kentborg@aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!
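
Added example, not part of the original message: a sketch of approach 2, stretching the passphrase that protects a private key so that each guess costs many hash evaluations. The message names no algorithm; PBKDF2-HMAC-SHA256, the iteration counts and the attacker's hash rate below are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os


def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a passphrase into a 32-byte key-encryption key.

    The per-keyring random salt stops one precomputed dictionary from
    being reused against every keyring; `iterations` sets the cost of
    a single guess.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32
    )


def check_passphrase(candidate: str, salt: bytes, iterations: int,
                     stored_key: bytes) -> bool:
    """Test one candidate; the comparison is constant-time."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations), stored_key)


def effective_bits(entropy_bits: float, iterations: int) -> float:
    """Work to exhaust the passphrase space, in bits of PRF evaluations."""
    return entropy_bits + math.log2(iterations)


def seconds_to_exhaust(entropy_bits: float, iterations: int,
                       prf_per_second: float) -> float:
    """Worst-case search time for an attacker with the given PRF rate."""
    return (2 ** entropy_bits) * iterations / prf_per_second


if __name__ == "__main__":
    salt = os.urandom(16)                 # stored beside the encrypted key
    iterations = 2 ** 20                  # assumed cost setting
    key = derive_key("a sentence I picked", salt, iterations)  # constructed
    print("correct passphrase accepted:",
          check_passphrase("a sentence I picked", salt, iterations, key))
    rate = 2 ** 30                        # assumed attacker PRF evaluations/s
    for n in (1, iterations):
        print(f"iterations={n:>8}: {effective_bits(40, n):.0f} bits of work, "
              f"{seconds_to_exhaust(40, n, rate):.0f} s to exhaust 40 bits")
```

The iteration count is paid once by the legitimate user at unlock time and once per guess by anyone testing passphrases against a captured keyring, which is why it helps weak and strong passphrases alike.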