On Sun, Jul 08, 2001 at 10:31:51AM +1000, Stephen Robert Norris wrote: > > It's not a good passphrase. A random 10 character one might well be better! > > I think my general complaint is that people's intuition about what makes > a good passphrase is bad :) Here's an algorithm for choosing a strong pass phrase, in case people are curious for one that's demonstrably pretty strong[1]. Comments and corrections welcome. 1) Copy all words between 5 and 10 characters long from the /usr/share/dict/american-english file in a Debian system. This procedure gives me 35,479 words, or about 15 bits of entropy per word provided they are chosen truly randomly. You might have to localize this procedure to your own system. Just remember entropy == base 2 logarithm of number of choices iff they are truly unpredictable. 2) Select 5 words at random from the list. Use /dev/random or another known good source of entropy. 3) Before each of the words, place a digit from one to eight. Again, these should be chosen at random. 4) Add a space between words (this doesn't contribute entropy but helps readability if you want to write the passphrase down in your completely offline, double-secret hidey-hole, and seems to make the phrase easier for humans to remember--based on informal, empirical testing I have conducted). You'll now have a passphrase something like this: "5tornado 5archiver 1nightcap 8Haifa 7ballad" Such a passphrase has roughly 90 bits of entropy given a known choice of construction algorithm, since each random word choice contributes 15 bits and each random digit (one of eight) contributes 3 bits. The rationale for the numbers is to keep natural language word frequency from coming into play very much, as it might if someone were testing spaced-out English words without knowing your selection algorithm. => Ninety bits puts you well into "they'll break in and bug your keyboard first" territory provided your algorithms and other security factors are good. 5) Don't tell anyone you're using this algorithm. This will add more bits of entropy to your passphrase as a whole, since this passphrase space will become one of many that must be searched. [1] Actually I'm grubbing for few more bits of entropy by not revealing my _actual_ passphrase selection algorithm; this is a variant :-). miket Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
