Re: Memorisable/handwriteable/typeable key styles

Peter Fairbrother wrote:

> Got it it? A really Heavyweight adversary. Maximum strength crypto!
assuming then that the goal is to have the passphrase no longer be the
'weak' link

and then assuming that the choice will be between 128 bit and 256 bit
symmetric algorithms

> The keys will have to be randomly allocated rather than chosen by the user,
> although the user should be in complete control of the "allocator"

this can be done with dicethrows,

allowing both upper and lower case letters,
but not numbers or other characters,

this leaves 52 characters,
which can be randomly selected,
by using a throw of 3 dice per character

2^128 is about 3.40 x 10^38

the smallest n for 52^n to exceed this, turns out to be 23
( 52^22 ~= 5.65 x 10^37 < 3.40 x 10^38 < 2.93 x 10^39 ~= 52^23

a 23 letter string to equal the 'link' strength of a 128 bit
symmetrical algorithm,
and a 46 letter string for a 256 bit one

might need some creative mnemonic construction ;-),
but should be do-able,

the existing diceware list, of 7776 words,
requires only 10 words
( 7776^10 ~= 8.08 x 10^38)
for a 128 bit algorithm

but as you point out,
has words that are difficult to remember how to spell,
and may be more difficult to remember as a random string of 10 words,
than a well ordered mnemonic might be for 23 words