There is no limit on the length of a passphrase,
John W. Moore III
jmoore3rd at bellsouth.net
Wed Oct 22 05:58:38 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Robert J. Hansen wrote:
> Morton D. Trace wrote:
>> Dear list readers I just found this article.
> Be careful of anything you get off the internet. This article is not
> especially good.
Mega Dittos! [I know this sounds like Rush Limbaugh 'listener-speak'
but it is _all_ too TRUE!]
>> Calculating the entropy of a password is here well explained,
>> I don't know if it is mathematically correct,
> [shrugs] Yes. No.
Understand what [shrugs] really means.....You are proposing a
mathematical challenge to a List that is really more focused upon
facilitating the 'concerned User'. Robert is a professional
Mathematician and actually _loves_ Numbers. If You truly want
mathematics then Email Robert direct. Stand By to Stand By: He will
Reply and address You as a mathematical Equal. Fair Warning: HE's GOOD!
He fills His refrigerator, however, the same way You & I do....He earns
a paycheck from someone who likes the way He applies His brain. Ya
gotta understand that whenever You ask a Question that deals with
'Random Chance' Robert is gonna seriously consider it as a valid
Question form a knowledgeable/teachable Interrogator. You _will_ learn
if You read/study the Answer from a Guy who buys gas and I'm sure
occasionally says to the Cashier "gimme a Quick Pick on the Fantasy 5"
knowing full well that the odds of winning are a gazillion to 1.
> The reality is that very few people let a CSPRNG spit out a base-64
> password for them to remember (six bits of entropy per glyph). They're
> hard to remember. Good passphrases are easy to remember but hard to
> guess, which means they need to be rather large pieces of text.
entropy? CPRNG? glyph? Please bear in mind that this is a 'public'
List and if at all possible Post in 'laymen's terms' or risk confusing
Every One else who reads this forum. All the terms/words are valid but
without Full explanation You are attempting to benefit without 'sharing'
with everyone else. [soapbox put away]
> Per Shannon's estimates, there are roughly 1.5 bits per glyph of English
>> one unicode character has approx three times the entropy as one ascii
Agreed! Gotta A-S-K again; Who are You attempting to 'share with?
>> I'd really like to see UTF-8 supported in GnuPG and be able to type some
>> characters from my keyboard,
> UTF8 is supported. However, your OS may not support it. That's an
> OS-level issue, not a GnuPG issue. My Mac supports UTF-8 just fine,
> including exotics like "circled ideograph wood".
What O/S are You using? MUA?
>> and additionally select some cool unicode letters from a language only I
> If only you know it, then kiss randomness goodbye. Someone who wants to
> attack your passphrase will focus their attack on symbols from languages
> you know. The only defense is to pick randomly.
"only I know"? Then it ain't a Language! Language presupposes that
Others speak it among themselves. Either it is completely 'Random' or
it is available for a Social Engineering attack.
>> Can GnuPG accept UTF-8 Characters as passphrase input?
> Depends on your OS.
Short Answer = YES
> Yes, but this is a case of buying a few hundred yards of rope just to
> make _sure_ you have enough with which to hang yourself.
I would say that a Man who jumps off of an 80 Story building thinks He
is 'flying' for 79 stories. It is always the 'sudden stop' that is
painful & permanent!
No 'HTH' here simply because I don't care. I do believe that everyone
is entitled to a 'Bad Attitude' day. :-\
Timestamp: Tuesday 21 Oct 2008, 23:58 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4845: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage: http://tinyurl.com/yzhbhx
-----END PGP SIGNATURE-----
More information about the Gnupg-users