FCPUNX:Passphrase entropy
jamesd at echeque.com
jamesd at echeque.com
Fri Apr 18 23:43:18 PDT 1997
At 12:04 PM 4/18/97 -0700, Steve Schear wrote:
> If this is true then how much passphrase entropy is enough to thwart,
> for example, an NSA crack attempt? Seems to me it needs to be equal
> to or greater than the encryption key. What are some good, practical
> ways of achieving this?
Long keys or random keys.
Suppose you need 80 bits of entropy.
If your passphrase is truly random, for example
9kDt3fagWxglr
You have about six bits a character, so you only need
thirteen characters.
If, however, your pass phrase is an intelligible english
sentence, for example
Wandering past Saint Ives, I saw many fine buildings covered in ivy
across the road.
You only have about one bit per character, so you need an
eighty character sentence.
If your passphrase is a short intelligible english phrase,
as most of them are, it will succumb to a dictionary attack.
---------------------------------------------------------------------
|
We have the right to defend ourselves | http://www.jim.com/jamesd/
and our property, because of the kind |
of animals that we are. True law | James A. Donald
derives from this right, not from the |
arbitrary power of the state. | jamesd at echeque.com
More information about the cypherpunks-legacy
mailing list