Re: Strong Passwords Revisited

From: Ernst-Udo Wallenborn (ernst-udo.wallenborn@freenet.de)
Date: 02/16/03


From: Ernst-Udo Wallenborn <ernst-udo.wallenborn@freenet.de>
Date: 16 Feb 2003 15:24:33 +0100


Lawrence D'Oliveiro <ldo@geek-central.gen.new_zealand> writes:

> I thought of a sort of compromise idea: choosing a single random word
> from a dictionary is a bad idea, but what if you choose multiple random
> words?

That's exactly how diceware [1] works. A list of 7776 = 6**5 English
words, each with a number from 11111 to 66666. Like this:

      16655 clause
      16656 claw
      16661 clay
      16662 clean

You take a die, throw it five times, look up the word. Repeat.
If you select the words truly randomly, each word in your passphrase
has log_2 7776 = 12.9 bits of entropy. Five words give you 64 bits,
ten words 129 bits. The nice thing is: all security is in the random
selection. The list itself can be known to an attacker, it's still
12.9 bits per word.

[1] http://world.std.com/~reinhold/diceware.html

-- 
Ernst-Udo Wallenborn

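The procedure in the post above, worked through in code as an added example (this is not from the original post or from the diceware project): a parser for the "NNNNN word" list format, the mapping between a five-roll key and a list index, the entropy arithmetic for a list of 7776 entries, and a generator whose die is injectable so the lookup can be tested deterministically. The four-line excerpt is constructed from the post; a real run needs the complete 7776-entry list, and an incomplete list is treated as an error rather than silently re-rolled. Names such as parse_wordlist and generate_passphrase are this example's own.

```python
import math
import secrets
from typing import Callable, Dict, List

# Constructed excerpt in diceware list format; the real list has 6**5 entries.
SAMPLE_LIST = """\
16655 clause
16656 claw
16661 clay
16662 clean
"""

LIST_SIZE = 6 ** 5  # 7776 possible outcomes of five die rolls


def parse_wordlist(text: str) -> Dict[str, str]:
    """Parse 'NNNNN word' lines into {dice_key: word}.

    Keys must be exactly five digits in 1..6 and unique; anything else would
    break the uniform mapping from rolls to words that the entropy estimate
    relies on.
    """
    table: Dict[str, str] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        key, _, word = line.partition(" ")
        word = word.strip()
        if len(key) != 5 or any(c not in "123456" for c in key) or not word:
            raise ValueError(f"line {lineno}: malformed entry {line!r}")
        if key in table:
            raise ValueError(f"line {lineno}: duplicate key {key}")
        table[key] = word
    return table


def is_complete(table: Dict[str, str]) -> bool:
    """True only if every one of the 7776 keys has a word."""
    return len(table) == LIST_SIZE


def key_to_index(key: str) -> int:
    """'11111' -> 0 ... '66666' -> 7775: base 6 with each digit shifted by one."""
    idx = 0
    for c in key:
        idx = idx * 6 + (int(c) - 1)
    return idx


def index_to_key(idx: int) -> str:
    """Inverse of key_to_index."""
    digits = []
    for _ in range(5):
        idx, r = divmod(idx, 6)
        digits.append(str(r + 1))
    return "".join(reversed(digits))


def roll_key(rng: Callable[[int], int] = secrets.randbelow) -> str:
    """Five die rolls as a key; secrets.randbelow(6) stands in for a real die."""
    return "".join(str(rng(6) + 1) for _ in range(5))


def bits_per_word(list_size: int = LIST_SIZE) -> float:
    """Entropy of one uniformly chosen word: log2 of the list size."""
    return math.log2(list_size)


def bits_for_words(n_words: int, list_size: int = LIST_SIZE) -> float:
    """Entropy of an n-word passphrase drawn independently from the list."""
    return n_words * bits_per_word(list_size)


def words_needed(target_bits: float, list_size: int = LIST_SIZE) -> int:
    """Smallest word count reaching target_bits of entropy."""
    return math.ceil(target_bits / bits_per_word(list_size))


def guess_space(n_words: int, list_size: int = LIST_SIZE) -> int:
    """Candidates an attacker who knows the list must try: list_size ** n_words.
    Knowing the list does not shrink this; only the random selection counts."""
    return list_size ** n_words


def generate_passphrase(table: Dict[str, str], n_words: int,
                        rng: Callable[[int], int] = secrets.randbelow) -> List[str]:
    """Roll five dice per word and look each key up; never re-roll on a miss."""
    words = []
    for _ in range(n_words):
        key = roll_key(rng)
        if key not in table:
            raise KeyError(f"key {key} missing: word list is incomplete")
        words.append(table[key])
    return words


if __name__ == "__main__":
    print(f"{bits_per_word():.1f} bits/word, 5 words = {bits_for_words(5):.1f} bits")
    table = parse_wordlist(SAMPLE_LIST)
    print("sample list complete:", is_complete(table))
```

With the full list loaded in place of SAMPLE_LIST, generate_passphrase(table, words_needed(128)) returns ten words, matching the 129-bit figure in the post.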
