Re: Diceware Passphrase... so impractical



"jinx28" <nunu284@xxxxxxxxx> wrote in news:1156266130.790173.52400@p79g2000cwp.googlegroups.com:

> Okay, I'm a new PGP user (for about 3 months now) and I am using a
> diceware passphrase. My problem is I can't seem to remember my
> passphrase because it just doesn't make any sense. So my passphrase is
> written somewhere in my room thus it is being compromised. I mean how
> is one expected to remember a passphrase that is like for example
> cleftcamsynodlacyyr. I understand that your passphrase becomes more
> secure when using the diceware list but I personally think that the
> diceware method is impractical. What do you guys think (those who use a
> diceware passphrase)? Do you remember your passphrases?
>
> Jinx


I use a mnemonic method inspired by the sort of syntactically correct
quasi-sense quasi-nonsense sentences that are occasionally used to clog
up newsgroups.

Sentences (passphrases) of the form

A purple aardvark cavorts in a grotto of kumquat rinds.

are both memorable and unlikely to occur naturally.

It takes considerable skill to do this without undue bias. The sentence
should also be considerably longer than the example above to have
strength comparable to the strength of the PGP hash/encryption
algorithms. I guesstimate the entropy as 1.5 bits/character (but I don't
count characters in short and connective words including most
prepositions such as the, an, I, in, with, etc.). The sentence above is
about a 60-bitter using this method.

It wouldn't hurt to throw in some gratuitous capitalization and even some
other non-alphabetic characters between words (or perhaps use two
characters between words). I'll let you estimate how many entropy bits
that might add.

Regards,
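
The estimate in the reply above, worked through next to the exact Diceware figure, as an added example that is not part of the original post. It applies the poster's 1.5 bits/character guess to the letters of counted words and compares it with log2(7776) bits per dice-chosen word. Assumptions: the skipped-word set beyond "the, an, I, in, with", the 80- and 128-bit targets, and all function names.

```python
import math
import re

# Poster's guesstimate: 1.5 bits per letter of each counted word.
BITS_PER_CHAR = 1.5
# Short/connective words that are not counted. The post names only
# the, an, I, in, with; the rest of this set is an assumption.
SKIPPED = {"the", "an", "i", "in", "with", "a", "of", "on", "at", "to",
           "and", "or", "by"}
DICEWARE_LIST_SIZE = 6 ** 5  # five dice rolls select one of 7776 words


def counted_words(sentence):
    """Return the words that count toward the heuristic estimate."""
    words = re.findall(r"[A-Za-z]+", sentence)
    return [w for w in words if w.lower() not in SKIPPED]


def sentence_bits(sentence):
    """Heuristic estimate: 1.5 bits x letters in counted words."""
    return BITS_PER_CHAR * sum(len(w) for w in counted_words(sentence))


def diceware_bits(n_words):
    """Exact entropy of n words chosen uniformly at random by dice."""
    return n_words * math.log2(DICEWARE_LIST_SIZE)


def counted_chars_needed(target_bits):
    """Counted letters the heuristic requires to reach target_bits."""
    return math.ceil(target_bits / BITS_PER_CHAR)


def diceware_words_needed(target_bits):
    """Dice-chosen words required to reach target_bits."""
    return math.ceil(target_bits / math.log2(DICEWARE_LIST_SIZE))


if __name__ == "__main__":
    example = "A purple aardvark cavorts in a grotto of kumquat rinds."
    print("sentence estimate:", sentence_bits(example), "bits")
    print("5 Diceware words :", round(diceware_bits(5), 1), "bits")
    for target in (80, 128):  # target strengths are assumptions
        print(target, "bits ->", counted_chars_needed(target),
              "counted letters or", diceware_words_needed(target),
              "Diceware words")
```

The sentence figure is only as good as the 1.5 bits/character guess and the absence of bias in choosing the words; the Diceware figure holds only when every word comes from dice rolls.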


