Password Difficulties

[Eli Brandt]

> There's an interesting issue here:  is it feasible to construct an
> enumeration based on the 50-60 bits of information?

This does present some problems to an attacker.  There's a tradeoff
between the effective key length and the complexity of the enumerator
to generate these keys.  The fancier the model, the lower the
passphrase entropy, but the harder -- and slower -- it becomes to use.
This all seems hard to quantify, though.

   Eli   ebrandt at hmc.edu