IDEA/Strength?
E. Allen Smith
EALLENSMITH at ocelot.Rutgers.EDU
Sat Feb 22 00:22:00 PST 1997
From: IN%"stewarts at ix.netcom.com" "Bill Stewart" 22-FEB-1997 03:05:51.28
>At 04:21 PM 2/21/97 -0500, Alec wrote:
>>Is the strength, or lack thereof, of conventional PGP encryption
>>proportional to the length of the conventional password?
>Sure, up to 128 bits of entropy. Go check out pgpcrack.
Another way to put it is that the length places a _maximum_
on the entropy; no more than 7 bits (unless PGP's interface can
deal with control/etcetera keys) minus a fractional bit (for
characters like delete) per character. Of course, simply expanding
a passphrase of "a" to "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" won't do you much good... but
most non-pathological passphrases will expand in entropy as they
expand in length. (There is the consideration, however, that a
lengthy passphrase may need to be in alphabetical characters,
as opposed to alphanumeric, due to human memory limitations. If
you didn't/don't have that, then even a completely random
over-19-character long passphrase (enough to be more than 128
effective bits going in) could be of assistance; greater length
makes it more likely that someone observing you will miss
enough of the passphrase to make a search impractical.)
-Allen
More information about the cypherpunks-legacy
mailing list