RE: Announce loop-AES-v1.3b file crypto package

Dear list members:

	I must admit I find a great deal of this entire thread to be rather
entertaining. Unless I am mistaken, I watched two people just spend several
emails arguing over typing five characters at one point. How it is possible
you can have the time to care about cryptography to the extent to install
and use it, but not have the time to care to remember or type an additional
5 characters, when it's YOUR OWN DATA you are protecting, is far beyond the
scope of my comprehension.

	What is wrong with English sentences when mixed with random words?

Example: "My friend Albert is a big putz! Grapes!" <- this is easy to
remember, and it has 40 characters. I am curious if anyone has written a
script or C program to translate English text into English/numerical text
(hello to h3ll0).


Very Respectfully,

Stuart Blake Tener, IT3, USNR-R, N3GWG
VTU 1904G (Volunteer Training Unit)
stuart@xxxxxxxxxxx
west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043
east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859

Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's
free!)

JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL.

Saturday, July 07, 2001 4:24 PM

-----Original Message-----
From: owner-linux-crypto@xxxxxxxxxxxx
[mailto:owner-linux-crypto@xxxxxxxxxxxx]On Behalf Of Stephen Robert Norris
Sent: Saturday, July 07, 2001 2:48 PM
To: Stephen Robert Norris; peter k.; Michael H. Warfield; Jari Ruusu;
linux-crypto@xxxxxxxxxxxx
Subject: Re: Announce loop-AES-v1.3b file crypto package

On Sat, Jul 07, 2001 at 02:57:46PM -0400, Michael H. Warfield wrote:
> > I guess my point is that saying it has to be at least 20 characters
> > is meaningless; I can come up with 10 character passwords that
> > have vastly more entropy than a 20 character English passphrase
> > (60 vs 30 bits).
>
>       But we are not talking about a plain English TEXT passphrase.
> You are misapplying the reference of 1.5 bits per character in English
> text to something that is only mnemonically related to it.  That is
> what's inappropriate here.
>
>       Since there is not a real good measure for what would be a
> mnemonic passphrase which is not plain text English, I'm not even sure
> how to approach the statistical modeling necessary to come up with a
> good figure for the entropy in non-plain-text-english mnemonic
> passphrases, but I will venture this as a guess...  For every plaintext
> passphrase, there must exist a large number of related, non-plain-text
> passphrases which can be related through transposition, substitution,
> distortion, and other mechanisms.  It's only necessary to devise one
> alternative passphrase option for each character position to increase
> the effective entropy by one bit.  You can achieve this by a random mix
> of capitalizations alone (you just have to remember the sequence of
> capitals on your pass phrase).  That takes us to 2.5 bits there alone.
> Four alternatives per character would yield two additional bits.
> Substituting numbers and punctuation into the plain text English
> accomplishes that.  This is all within the realm of possibility
> (although some combinations of those distortions would become a reach).
> The mnemonic remains and the distortions are merely perturbations on
> the mnemonic.
>
> > It seems that the 20 is really an arbitrary number that just happens to
> > suit the way _some people_ like to choose passphrases...
>
>       Actually, I think that what was being argued was that 10 was
> insufficient.  The original poster was not asking if 20 was sufficient,
> he was asking if 10 wasn't sufficient.  IMHO...  10 is not sufficient.
> The discussion is not over 20, it's over 10.
>
>       Whether 20 is sufficient or not, depends on your use, but it's
> better than 10.  Arguing that 10 characters is insufficient is NOT arguing
> that 20 is sufficient.  20 might be, with decent complexity checkers and
> it might not be if it were a clear plaintext passphrase.  It might be
> total overkill if you are disciplined and have a good enough memory for
> high entropy shorter passwords.  Certainly 60 bits (10 characters * 6 bits)
> is not safe from brute force attacks unless it is protected by other
> mechanisms.
>
>       Ppdd wants TWO 24 character passphrases (48 characters or more
> total).  Is that sufficient?  Probably, in most cases.  :-)  Is it better
> than 20?  Yeah, I think so, maybe...  Does it have any bearing whatsoever
> ever on whether or not 10 characters is insufficient?  No.
>
>       The argument was over the sufficiency of 10 characters.
> Long term, non-volatile, crypto protected by only 60 bits worth of
> "key" is subject to being brute force attacked given sufficient
> time, equipment, and incentive on the part of the attacker.  You
> really REALLY want to protect it?  You don't use 60 bits.

The last sentence is the point, I guess. 10 is too small. 20 is too small
unless it's completely random (120 bits). 80 is too small for plain English.

In general, the passphrase should contain at least as much entropy as the
key, or it's easier to brute force the passphrase than the key.

Sorry this has turned into something of an argument - really I should have
just made that point and left the discussion.

To the original poster: If you're using 256 bit AES, you should have
at least 256 bits of entropy in the passphrase - so for a completely
random alphanumeric passphrase, that's about 45 characters. For a section
of normal English it's about 170. For "randomised" English (for lack
of a better term) it's somewhere in between.

Now, what do people really use? Do they write them down? I store my
passphrases in a Palm encrypted under another passphrase.

        Stephen
--
Stephen Norris    srn@xxxxxxxxx
Farrow Norris Pty Ltd   +61 417 243 239


Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
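
The per-position model from the quoted discussion (1.5 bits per English character, plus log2 of the number of alternatives at each position) and the "hello to h3ll0" script asked about at the top, as an added example that is not part of the thread. The `LEET` table and all function names are assumptions made here; the added bits count only when each variant is picked at random, and a fixed mapping is assumed to be known to the attacker, so it adds none.

```python
import math
import secrets

ENGLISH_BITS_PER_CHAR = 1.5  # figure cited in the thread for plain English

# Hypothetical substitution table (an assumption, not from the thread).
LEET = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "t": "7"}

def variants(ch):
    """Every spelling allowed at one character position."""
    if not ch.isalpha():
        return [ch]
    lower = ch.lower()
    return [lower, lower.upper()] + list(LEET.get(lower, ""))

def perturb(phrase):
    """Pick one variant per position uniformly at random.

    Returns (new_phrase, added_bits): added_bits is log2 of the number of
    equally likely outputs, so it holds only because the picks are random.
    """
    chosen, bits = [], 0.0
    for ch in phrase:
        opts = variants(ch)
        chosen.append(secrets.choice(opts))
        bits += math.log2(len(opts))
    return "".join(chosen), bits

def fixed_leet(phrase):
    """Deterministic hello -> h3ll0: one output per input, no added bits."""
    return "".join(LEET[c][0] if c in LEET else c for c in phrase)

def estimate_bits(phrase, added_bits=0.0):
    """Thread's model: 1.5 bits per English character plus perturbation bits."""
    return ENGLISH_BITS_PER_CHAR * len(phrase) + added_bits

def chars_needed(key_bits, bits_per_char):
    """Passphrase length needed to match a key of key_bits."""
    return math.ceil(key_bits / bits_per_char)

if __name__ == "__main__":
    phrase = "My friend Albert is a big putz! Grapes!"  # example from the thread
    mixed, added = perturb(phrase)
    print(mixed, round(estimate_bits(phrase, added), 1), "bits vs 256-bit key")
    print(fixed_leet("hello"), estimate_bits("hello"), "bits, unchanged")
    print(chars_needed(256, 1.5), "plain-English chars for 256 bits")
```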

