CDR: Re: Is kerberos broken?
sunder
sunder at sunder.net
Wed Sep 6 12:10:57 PDT 2000
Marcel Popescu wrote:
>
> X-Loop: openpgp.net
> From: "sunder" <sunder at sunder.net>
>
> > I tend to just string up lots of characters, so my passphrases look like
> this:
> >
> > ^#.;Odfi9 at 7f$}'~%42w0,m:Qe_|33+\ and so on.
>
> Why the heck would you need a password this big? There are 94 printable
> characters (0x33 .. 0x7E); a random password 32 chars long (like the above)
> will thus have ~ 1.38 x 10^63 possibilities, meaning 210 bits of entropy
> (10^63 = O(2^210)). What, do you intend to use your password as a public
> key?
>
> A password made of the same character set, but only 8 chars long, will
> provide 94^8 ~= 6 x 10^15 = O(2^50) combinations. I'd say that's plenty -
> remember, it's a password, not a key.
I use things like the above as passphrases, not passwords, to things like PGP or the encrypted disk partitions I use. Hence you
need lots of entropy.
--
----------------------Kaos-Keraunos-Kybernetos---------------------------
+ ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
\|/ :aren't security. A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you \/|\/
/|\ :masked killer, but |don't email them, or put them on a web \|/
+ v + :will violate privacy|site, and you must change them very often.
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------
More information about the cypherpunks-legacy
mailing list