> > well, I'm usually using passwords like "4wj8s06bj2" or "7e1t91436g", not any
> > English or whatever words!!
> > so if I would have to learn a 20 byte password in that format it would be
> > like "v1872cqad730lbsq53i8" or "0v7g25y0mp49n26yrntb" and learning that isn't
> > easy, is it? ;)
>
> But that still doesn't buy you as much entropy as using a
> longer passphrase that is mnemonic and easier to remember. Even if
> you ASSUME that you can use totally random characters, that only
> approaches 7 bits per character (but can never reach it) and is
> still less than the strength of a well formed 20 character mnemonic
> pass phrase that's easier to remember.
>

ok, then I'll use a 20 byte password =/
btw, are 20 bytes enough or only the minimum? lol

and are there some docs on the security of all those ciphers like AES,
Serpent, whatever?
for example, when using that 20 byte password with AES, what's the
probability that someone will be able to decrypt it without bruteforcing
for years?

I'm still trying to find out what's the best cipher / encryption package
(like kerneli, loop-AES) to use for getting the maximum security [with the
shortest passwords even maybe?] ;)

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
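
The per-character entropy arithmetic discussed in the exchange above, as an added example that is not part of the original message. It assumes every character is chosen independently and uniformly at random; the function names and the rate of 10^12 guesses per second are assumptions made for illustration.

```python
import math
import string

# Alphabet sizes. 36 matches the sample passwords quoted in the message
# (lowercase letters and digits); 128 is the 7-bit ceiling the reply mentions.
LOWER_DIGITS = len(string.ascii_lowercase + string.digits)                        # 36
PRINTABLE = len(string.digits + string.ascii_letters + string.punctuation + " ")  # 95
SEVEN_BIT = 128

def alphabet_size(password):
    """Size of the smallest union of character classes covering the password."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    if any(not any(ch in c for c in classes) for ch in password):
        raise ValueError("character outside printable ASCII")
    return sum(len(c) for c in classes if any(ch in c for ch in password))

def entropy_bits(length, symbols):
    """Entropy of `length` characters, each uniform over `symbols` choices."""
    return length * math.log2(symbols)

def min_length(target_bits, symbols):
    """Shortest uniformly random password reaching `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(symbols))

def expected_years(bits, guesses_per_second):
    """Expected exhaustive-search time: half the space at a constant rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    sample = "v1872cqad730lbsq53i8"   # 20-character sample from the message
    n = alphabet_size(sample)
    bits = entropy_bits(len(sample), n)
    print(f"{len(sample)} chars over {n} symbols: {bits:.1f} bits")
    for name, size in [("lowercase+digits", LOWER_DIGITS),
                       ("printable ASCII", PRINTABLE),
                       ("7-bit", SEVEN_BIT)]:
        print(f"{name:17s} {math.log2(size):.2f} bits/char, "
              f"{min_length(128, size)} chars for a 128-bit key")
    # 1e12 guesses per second is an assumed attacker rate, not a measurement.
    print(f"expected search time: {expected_years(bits, 1e12):.2e} years")
```

These figures cover guessing the password only; they say nothing about weaknesses in a cipher or in how a package derives the key from the password.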