> That sounds very strange to me since the first one has so many more
> characters and has misspelled words.

That does not, per se, mean the encryption is stronger. After all,
'booooooooooring' is not a very strong password...

Let's throw some math at it.

Each word is chosen from a vocabulary of, say, 10000 words (this
includes weird words very few people will know - the active vocabulary
of the average English speaker is ~ 5000 words, IIRC - though that seems
very small) and has 100 different 'correct' ways of spelling it. Then,
six random words with random misspellings have an entropy of
(10000*100)^6 = (10^7)^6 = 10^56 > (2^3)^59 = 2^171.
(If only common words - 1000 total - are used, this will be about
(10^6)^6 = 10^36 > (2^3)^36 = 2^108.)

The second one has eight characters, chosen from a-z, A-Z, 0-9, and
say ten miscellaneous characters, if done right. That would mean 40^8,
or about (2^5)^8 = 2^40 options. Quite a bit worse than the first one.

This does assume that people are not allowed to pick the password in
either case (i.e., it's true random or as close to that as you can get),
*and* the words in the first case *don't form a sentence* (as yours do).
If they do, entropy decreases dramatically; I have heard it say that
entropy decreases to only a few paltry bits (10000 is about 13 bits;
I've heard as low as 1.2 bits for phrases), and entropy may drop as low
as (2 * 100)^6 > (2^7)^6 = 2^42.

It also assumes that one is more creative in misspelling than you did in
per character, and many words are rather small (so 100 will be a little
high - and if using both phrases, with at worst 1 bit of entropy per
word, and simple misspellings with about 4 bits of entropy per word, we
have a key space of only (2^1 * 2^4)^6 = 2^30, in which case the simpler
passwords appear to be more attractive).

In short, calculating the entropy for the first one isn't
straightforward, but seems to suggest that unless lots of randomization
is involved, it is rather weak. Especially if humans are allowed to pick
the phrase.

(Note: it also assumes that the whole password is required - some
mechanisms use only the first eight characters. Oopsie.)

> And shouldn't any secure login to anything only accept just a few
> attempts, e.g. three.

Theoretically, yes. Practically, such 'protection' almost always opens
the door for an easy DoS, *especially* when the network can be sniffed.

> To me it seems like if you just such a system (or
> application) then actually a rather short password should be rather
> safe. How likely is my "weak" passphrase below will be entered in three
> attempts? And after these three attempts you need to restart the
> application. How long time would it take for the fastest machine on
> earth today to brute force that passphrase?

Not that long, DES is quite crackable and has 2^56 bits in its key,
IIRC.

And 'only three attempts' doesn't work all that well in the real world.

> But again, I cannot understand that the first one is considered weaker
> than the second one. In TrueCrypt it is the opposite. You get a warning
> if the password/phrase is shorter than 20 characters. I suppose you
> could find other sites that are of opposite opinion?

Well, at least, the number of characters has very little bearing on the
strength of the passphrase...

Joachim
.

## Relevant Pages

• Re: Hashing methods for giant keys
... >> How many unique output hash results can there be in the digest of SHA ... >characters that are written down which means you are anyway in trouble. ... I am using the passphrase to protect a key file. ... digits worth of entropy in them. ...
(sci.crypt)
• Re: Intruder in my wireless network? / intrusion detection programs
... Password/phrase strength is defined in terms of entropy, ... The advantage of a passphrase of random real words is that it's ... characters to achieve the same level of entropy as a password of random ... James Bond and the NSA ARE NOT trying to hack your network. ...
(alt.internet.wireless)
• Re: Intruder in my wireless network? / intrusion detection programs
... Password/phrase strength is defined in terms of entropy, ... The advantage of a passphrase of random real words is that it's ... characters to achieve the same level of entropy as a password of random ... "To provide adequate protection against the most serious threats... ...
(alt.internet.wireless)
• Re: Intruder in my wireless network? / intrusion detection programs
... Password/phrase strength is defined in terms of entropy, ... characters to achieve the same level of entropy as a password of random ... But if sufficient extra characters are used a passphrase of ... "To provide adequate protection against the most serious threats... ...
(alt.internet.wireless)
• Re: k-deterministic public-private key generation
... sufficient entropy and 2) be easy to remember. ... lower bound on length of 40 characters. ... words, a common word with random substitutions, etc., to the more ... public/private key pair. ...
(sci.crypt)