Re: Strong Passwords Revisited
From: Ernst-Udo Wallenborn (ernst-udo.wallenborn@freenet.de)
Date: 02/16/03
From: Ernst-Udo Wallenborn <ernst-udo.wallenborn@freenet.de> Date: 16 Feb 2003 15:24:33 +0100
Lawrence D'Oliveiro <ldo@geek-central.gen.new_zealand> writes:
> I thought of a sort of compromise idea: choosing a single random word
> from a dictionary is a bad idea, but what if you choose multiple random
> words?
That's exactly how diceware [1] works. A list of 7776 = 6**5 English
words, each with a number from 11111 to 66666. Like this:
16655 clause
16656 claw
16661 clay
16662 clean
You take a dice, throw it five times, look up the word. Repeat.
If you select the words truly randomly, each word in your passphrase
has log_2 7776 = 12.9 bits of entropy. Five words give you 64 bits,
ten words 129 bits. The nice thing is: all security is in the random
selection. The list itself can be known to an attacker, it's still
12.9 bits per word.
[1] http://world.std.com/~reinhold/diceware.html
-- Ernst-Udo Wallenborn
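
The lookup and entropy arithmetic described in the message above, as an added example that is not part of the original post or of the diceware project. It assumes a constructed placeholder list (only the four entries quoted above are real words), hypothetical function names, and Python's secrets module standing in for physical dice.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 entries, keys 11111..66666

def key_to_index(key: str) -> int:
    """Map a roll key such as '16655' to its 0-based position in the list."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a valid roll key: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)  # each die is one base-6 digit
    return index

def index_to_key(index: int) -> str:
    """Inverse of key_to_index."""
    digits = []
    for _ in range(DICE_PER_WORD):
        index, d = divmod(index, 6)
        digits.append(str(d + 1))
    return "".join(reversed(digits))

def build_constructed_list() -> dict:
    """Constructed stand-in list: placeholders plus the four quoted entries."""
    words = {index_to_key(i): f"word{i:04d}" for i in range(LIST_SIZE)}
    words.update({"16655": "clause", "16656": "claw",
                  "16661": "clay", "16662": "clean"})
    return words

def roll_key() -> str:
    """Five simulated throws; randbelow(6) is uniform, so no modulo bias."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))

def passphrase(wordlist: dict, n_words: int) -> str:
    # A short or duplicated list silently lowers the bits per word.
    if len(wordlist) != LIST_SIZE or len(set(wordlist.values())) != LIST_SIZE:
        raise ValueError("list must hold 7776 distinct words")
    return " ".join(wordlist[roll_key()] for _ in range(n_words))

def entropy_bits(n_words: int) -> float:
    """Entropy when every word is drawn uniformly and independently."""
    return n_words * math.log2(LIST_SIZE)

if __name__ == "__main__":
    wl = build_constructed_list()
    print(passphrase(wl, 5), f"({entropy_bits(5):.1f} bits)")
```

The entropy figure holds only if every generated phrase is accepted as drawn; rerolling until the phrase "looks good" makes the selection non-uniform.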