Mr. Norris, et al.:

I claim the first amendment rights (a reference to the US Constitution for foreign nationals) of a newbie, to have no clear idea of exactly what is best for my own good!

That being said, and with all this clearly exact knowledge with regard to pass phrases, what is the link to the pass phrase FAQ? Perhaps that will get me more grounded in what is best.

Very Respectfully,

Stuart Blake Tener, IT3, USNR-R, N3GWG
VTU 1904G (Volunteer Training Unit)
stuart@xxxxxxxxxxx
west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043
east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859
Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!)

JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL.

Saturday, July 07, 2001 5:31 PM

-----Original Message-----
From: Stephen Robert Norris [mailto:srn@xxxxxxxxx]
Sent: Saturday, July 07, 2001 5:32 PM
To: IT3 Stuart B. Tener, USNR-R
Cc: srn@xxxxxxxxx; peter k.; Michael H. Warfield; Jari Ruusu; linux-crypto@xxxxxxxxxxxx
Subject: Re: Announce loop-AES-v1.3b file crypto package

On Sat, Jul 07, 2001 at 04:33:46PM -0700, IT3 Stuart B. Tener, USNR-R wrote:
> Dear list members:
>
> I must admit I find a great deal of this entire thread to be rather
> entertaining. Unless I am mistaken, I watched two people just spend several
> emails arguing over typing five characters at one point. How it is possible
> you can have the time to care about cryptography to the extent to install
> and use it, but not have the time to care to remember or type an additional
> 5 characters, when it's YOUR OWN DATA you are protecting, is far beyond the
> scope of my comprehension.
>
> What is wrong with English sentences when mixed with random words?
>
> Example: "The telephone is a useful invention! Grapes!" <- this is
> easy to remember, and it has 44 characters. I am curious if anyone has
> written a script or C program to translate English text into
> English/numerical text (hello to h3ll0).

I couldn't agree more. However, your example is an extremely good example of what not to do.

It's 45 characters long. The first 36 are definitely "normal English text" - let's assign them 2 bits each (72 bits). The rest is harder - let's pretend it's worth 3 bits each (24 bits). So that's a total of 96 bits protecting your key...

Now, in reality it's easier than this - after all, an attacker can try letters & punctuation first, and you even obey normal capital placing rules, so that simplifies things.

It's not a good passphrase. A random 10 character one might well be better!

I think my general complaint is that people's intuition about what makes a good passphrase is bad :)

Stephen
--
Stephen Norris srn@xxxxxxxxx
Farrow Norris Pty Ltd +61 417 243 239

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/