On Sat, Jul 07, 2001 at 04:33:46PM -0700, IT3 Stuart B. Tener, USNR-R wrote:
> Dear list members:
>
> I must admit I find a great deal of this entire thread to be rather
> entertaining. Unless I am mistaken, I watched two people just spend several
> emails arguing over typing five characters at one point. How it is possible
> you can have the time to care about cryptography to the extent to install
> and use it, but not have the time to care to remember or type an additional
> 5 characters, when it's YOUR OWN DATA you are protecting, is far beyond the
> scope of my comprehension.
>
> What is wrong with English sentences when mixed random words?
>
> Example: "The telephone is a useful invention! Grapes!" <- this is
> easy to remember, and it has 44 characters. I am curious if anyone has
> written a script or C program to translate English text into
> English/numerical text (hello to h3ll0).

I couldn't agree more.

However, your example is an extremely good example of what not to do. It's 45 characters long. The first 36 are definitely "normal English text" - let's assign them 2 bits each (72 bits). The rest is harder - let's pretend it's worth 3 bits each (24 bits). So that's a total of 96 bits protecting your key...

Now, in reality it's easier than this - after all, an attacker can try letters & punctuation first, and you even obey normal capital placing rules, so that simplifies things.

It's not a good passphrase. A random 10 character one might well be better!

I think my general complaint is that people's intuition about what makes a good passphrase is bad :)

Stephen

--
Stephen Norris    srn@xxxxxxxxx
Farrow Norris Pty Ltd   +61 417 243 239
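An added example, not part of the original message: it applies the per-character estimate used in the reply above (2 bits per character for ordinary English text, 3 for the rest) and sets it beside the strength of uniformly random passphrases, then generates a random passphrase for a chosen bit target. The 95-character printable ASCII alphabet and all function names are assumptions made for this illustration.

```python
import math
import secrets
import string

# Assumption: "random" means uniform over printable ASCII including space (95 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "

# The quoted example, split as in the reply: the sentence at 2 bits per
# character, the trailing random word at 3 bits per character.
EXAMPLE = [("The telephone is a useful invention!", 2), (" Grapes!", 3)]


def segment_bits(segments):
    """Sum len(text) * bits_per_char over (text, bits_per_char) segments."""
    return sum(len(text) * rate for text, rate in segments)


def random_bits(length, alphabet=ALPHABET):
    """Bits in a passphrase of `length` symbols drawn uniformly from `alphabet`."""
    return length * math.log2(len(alphabet))


def length_for_bits(target_bits, alphabet=ALPHABET):
    """Smallest uniformly random length that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(len(alphabet)))


def random_passphrase(target_bits, alphabet=ALPHABET):
    """Generate a passphrase with a CSPRNG; never use `random` for secrets."""
    n = length_for_bits(target_bits, alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    est = segment_bits(EXAMPLE)
    print(f"per-character estimate for the example: {est} bits")
    print(f"10 random characters: {random_bits(10):.1f} bits")
    print(f"random length needed for {est} bits: {length_for_bits(est)}")
    print(f"generated: {random_passphrase(est)!r}")
```

The per-character rates are an upper-bound style estimate; as the reply notes, an attacker who models capitalisation and punctuation habits faces less than the computed figure.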