Message for an old thread, found sitting here unsent.

"IT3 Stuart B. Tener, USNR-R" wrote:

> I think that without having to learn a great deal about the rules of
> entropy weighting, and such, a nice thing to do would be to determine (I
> think Peter will wonder about this too), what would provide a strong and
> usable encryption standard for appliance operator users? I am not so into
> crypto that I care to learn all about entropy and such, I am interested in
> learning some basic rules, which I can apply to using these technologies.

One basic, and often distinctly inconvenient, rule is the old "chain is
as strong as its weakest link" line. For example, if an attacker can
guess your passphrase in some practical (depending on attacker resources)
number of tries, then he has an attack, no matter how strong everything
else is. On the other hand, if your passphrase is impossible to remember
so you write it down, then there's another possible attack.

> a) What encryption standard is strongest, and can be used to not slow my
> work down to such a point that I start to dislike using the encryption at
> all? I will presume that AES falls into this category

It certainly should be. The process was open and public, many of the
world's best-known cryptographers were involved, and no-one found holes.
Of course, there are no guarantees.

> b) What rules ought we follow to generate a useful pass phrase, which will
> keep us secure?

Basically, it has to be something you can remember perfectly, but
guessing it must be impractical for an attacker. Entropy is just a
measure of how hard that guessing is.

For example, saying a passphrase has 20 bits of entropy can mean there
are 2^20 possibilities, all equally likely. Or perhaps there are more
possibilities, but with some bias in their likelihoods so the search is
only 2^20 hard.

Normal English text has little entropy, certainly under 3 bits/character,
so almost any meaningful chunk of English is a bad passphrase. Any other
language is likely just as bad. Mixing languages should make an attack a
little harder.

Any choice from a short list provides little entropy if the attacker can
be expected to discover the list. There are < 64 US states, so < 6 bits
per state name.

A well-known quote is worse than random text. An attacker might construct
a list of, say, the 1000 best-known quotes in English and try them all.
Or even 100,000. If the attacker knows the target's politics, taste in
music or favorite authors, that knowledge can guide the search.

Anything the attacker can reasonably discover -- your date of birth,
social security number, ... -- cannot be counted on to provide much
entropy.

The suggestion that started this thread -- using randomly-chosen words
from a long list so you get about 15 bits per word, then adding a few
other little fiddles to get a passphrase with 90-bit entropy -- is a
good one.

People have used mangled quotes. Instead of following on predictably
(zero entropy) from "Now is the time for all good men ...", use
"yesterday is the motorcycle for some bleeding wombats to ...". Correctly
chosen, such a sequence can be memorable and improbable.

However, it might not be all that hard to write a program to generate
these mangled versions, given a list of quotes, a dictionary and a set of
replacement rules. The rules might say, for example, that a noun can only
be replaced with another noun

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
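The entropy arithmetic in the message above (bits per choice from a list of a given size, the number of words needed to reach a 90-bit target, and why a short list such as the US states buys only a few bits), worked through as an added Python example. It is not code from the thread or from the linux-crypto project; the tiny word list, the guess rate and the "choice from the state list" comparison are constructed for illustration, and a real passphrase should be drawn with the same code from a list of thousands of words.

```python
import math
import secrets

# Bits of entropy contributed by one uniform random choice from a list.
def bits_per_choice(list_size: int) -> float:
    if list_size < 2:
        raise ValueError("a list of fewer than two entries gives no choice")
    return math.log2(list_size)

# Total entropy of a passphrase built from n_words independent uniform
# choices, plus any extra bits from other "little fiddles" (separators,
# a random digit, etc.) that are themselves chosen uniformly at random.
def passphrase_entropy(list_size: int, n_words: int, extra_bits: float = 0.0) -> float:
    return n_words * bits_per_choice(list_size) + extra_bits

# Smallest number of words from a list of list_size that reaches target_bits.
def words_needed(list_size: int, target_bits: float) -> int:
    return math.ceil(target_bits / bits_per_choice(list_size))

# Expected wall-clock time for an attacker who tries guesses_per_second
# candidates and, on average, has to search half the space.
def expected_guess_time_seconds(entropy_bits: float, guesses_per_second: float) -> float:
    return (2.0 ** entropy_bits) / 2.0 / guesses_per_second

# Draw a passphrase with the OS CSPRNG (secrets), never random.choice():
# the entropy claim only holds if every word is chosen uniformly.
def generate_passphrase(wordlist: list[str], n_words: int, sep: str = " ") -> str:
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

# Constructed word list for the example only; far too short for real use.
DEMO_WORDLIST = [
    "wombat", "motorcycle", "bleeding", "yesterday", "anchor", "copper",
    "glacier", "lantern", "meadow", "orbit", "pepper", "quartz",
    "ribbon", "saddle", "timber", "velvet",
]
US_STATE_COUNT = 50  # < 64, so < 6 bits per state name, as the message says

if __name__ == "__main__":
    print(f"16-word demo list: {bits_per_choice(len(DEMO_WORDLIST)):.1f} bits/word")
    print(f"US state names: {bits_per_choice(US_STATE_COUNT):.2f} bits/choice")
    print(f"32768-word list: {bits_per_choice(32768):.0f} bits/word, "
          f"{words_needed(32768, 90)} words for 90 bits")
    print(f"7776-word (Diceware-sized) list: {words_needed(7776, 90)} words for 90 bits")
    rate = 1e12  # assumed attacker rate: one trillion guesses per second
    for bits in (20, 40, 90):
        years = expected_guess_time_seconds(bits, rate) / (365.25 * 24 * 3600)
        print(f"{bits:3d} bits at 1e12 guesses/s: about {years:.3g} years on average")
    print("demo passphrase:", generate_passphrase(DEMO_WORDLIST, 6))
```

The guess-rate loop makes the message's point concrete: 20 bits falls in well under a millisecond at the assumed rate, while 90 bits is on the order of 10^7 years even though the attacker is assumed to know the word list, which is the whole idea behind choosing words at random rather than composing a sentence.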