On Sat, Jul 07, 2001 at 02:57:46PM -0400, Michael H. Warfield wrote: > > I guess my point is that saying it has to be at least 20 characters > > is meaningless; I can come up with 10 character passwords that > > have vastly more entropy than a 20 character English passphrase > > (60 vs 30 bits). > > But we are not talking about a plain English TEXT passphrase. > You are misapplying the reference of 1.5 bits per character in English > text to something that is only mnemonically related to it. That is > what's inappropriate here. > > Since there is not a real good measure for what would be a > mnemonic passphrase which is not plain text English, I'm not even sure > how to approach the statistical modeling necessary to come up with a > good figure for the entropy in non-plain-text-english mnemonic passphrases, > but I will venture this as a guess... For every plaintext passphrases, > there must exists a large number of related, non-plain-text passphrases > which can be related through transposition, substitution, distortion, and > other mechanisms. It's only necessary to devise one alternative > passphrase option for each character position to increase the effective > entropy by one bit. You can achieve this by a random mix of capitalizations > alone (you just have to remember the sequence of capitals on your pass > phrase). That takes us to 2.5 bits there alone. Four alternatives per > character would yield two additional bits. Substituting numbers and > punctuation into the plain text English accomplishes that. This is all > within the realm of possibility (although some combinations of those > distortions would become a reach). The mnemonic remains and the distortions > are merely perterbations on the mnemonic. > > > It seems that the 20 is really an arbitrary number that just happens to > > suit the way _some people_ like to chose passphrases... > > Actually, I think that what was being argued was that 10 was > insufficient. The original poster was not asking if 20 was sufficient, > he was asking if 10 wasn't sufficient. IMHO... 10 is not sufficient. > The discussion is not over 20, it's over 10. > > Whether 20 is sufficient or not, depends on your use, but it's > better than 10. Arguing that 10 characters is insufficient is NOT arguing > that 20 is sufficient. 20 might be, with decent complexity checkers and > it might not be if it were a clear plaintext passphrase. It might be > total overkill if you are diciplined and have a good enough memory for > high entropy shorter passwords. Certainly 60 bits (10 characters * 6 bits) > is not safe from brute force attacks unless it is protected by other > mechanisms. > > Ppdd wants TWO 24 character passphrases (48 characters or more > total). Is that sufficient? Probably, in most cases. :-) Is it better > than 20? Yeah, I think so, maybe... Does it have any bearing what so > ever on whether or not 10 characters is insufficient? No. > > The argument was over the sufficiency of 10 characters. > Long term, non-volitile, crypto protected by only 60 bits worth of > "key" is subject to being brute force attacked given sufficient > time, equipment, and incentive on the part of the attacker. You > really REALLY want to protect it? You don't use 60 bits. The last sentence is the point, I guess. 10 is too small. 20 is too small unless it's completely random (120 bits). 80 is too small for plain English. In general, the passphrase should contain at least as much entropy as the key, or it's easier to brute force the passphrase than the key. Sorry this has turned into something of an argument - really I should have just made that point and left the discussion. To the original poster: If you're using 256 bit AES, you should have at least 256 bits of entropy in the passphrase - so for a completely random alphanumeric passphrase, that's about 45 characters. For a section of normal English it's about 170. For "randomised" English (for lack of a better term) it's somewhere inbetween. Now, what do people really use? Do they write them down? I store my passphrases in a Palm encrypted under another passphrase. Stephen -- Stephen Norris srn@xxxxxxxxx Farrow Norris Pty Ltd +61 417 243 239
Attachment:
pgp00060.pgp
Description: PGP signature
