Re: Are passphrases allowed in TrueCrypt?



marck@xxxxxxxxx wrote:

the contrary advice on the Diceware page, complete with math,
that argues randomly chosen words cannot be cracked that easily.

There is some good information and also links on the diceware pages.

I've always stuck with multi word passphrases. They are a heck of a
lot easier to remember. So far, I have never forgotten a diceware
passphrase, and I've been using them for some years with BestCrypt and
other encryption programs.

One of the links there - at the diceware page - I like is the one on
'shocking nonsense'. I'll paste a couple of sentences from the article
below.

http://www.unix-ag.uni-kl.de/~conrad/krypto/passphrase-faq.html
Passphrase FAQ - FAQ: How do I choose a good password or phrase? -
"Shocking nonsense" means to make up a short phrase or sentence that is
both nonsensical and shocking in the culture of the user, that is, it
contains grossly obscene, racist, impossible or other extreme
juxtaposition of ideas. This technique is permissible because the
passphrase, by its nature, is never revealed to anyone with
sensibilities to be offended. -- When you are permitted to use
passphrases of arbitrary length (in PGP for example) it is not necessary
to further perturb your 'shocking nonsense' passphrase to include
numbers or special symbols because the pool of word choices is already
very high. Not needing those special symbols or numbers (that are not
intrinsically meaningful) makes the shocking nonsense passphrase that
much easier to remember.

64 characters is plenty of 'room' for a nice 'long' shocking nonsense
passphrase.


--
Mike Easter
