There is no limit on the length of a passphrase,
Robert J. Hansen
rjh at sixdemonbag.org
Wed Oct 22 14:15:13 CEST 2008
John W. Moore III wrote:
> Robert is a professional Mathematician and actually _loves_ Numbers.
I'm a software engineer nowadays, although my college degrees are on the
math-heavy side of theoretical computer science. I think it's fair to
call me a mathematician, but I'm not sure I can be said to do it
professionally.
> You _will_ learn if You read/study the Answer from a Guy who buys gas
> and I'm sure occasionally says to the Cashier "gimme a Quick Pick on
> the Fantasy 5" knowing full well that the odds of winning are a
> gazillion to 1.
Actually, there's a funny story about the last time I did that. I was
delivering a paper on destructive visual cryptography, and was stumbling
around to find a 'feelie' to distribute to the profs to make it more
tangible for them. Then I figured it out: scratch-off lottery tickets,
appropriately marked up. That led to my last lottery purchase.
> entropy? CPRNG? glyph? Please bear in mind that this is a 'public'
> List and if at all possible Post in 'laymen's terms' or risk
> confusing Every One else who reads this forum. All the terms/words
> are valid but without Full explanation You are attempting to benefit
> without 'sharing' with everyone else. [soapbox put away]
Sorry -- explanations follow.
Entropy is uncertainty, represented as the logarithm base-two of how
many possibilities there are. For a random person, their driver's
license has either 'M' or 'F' as their sex, so they have one bit (log2 of
2) of entropy (uncertainty) in their gender.
(Fun fact: you can tell mathematicians apart from computer
scientists by asking them for the fundamental unit of
entropy. A CS guy will say the 'bit'. A math guy will
say the 'nat'. The mathematics version of entropy is
found by computing the natural log of the possibilities,
not the log-base-2 of the possibilities. Hence, 'nat'.
There are about 1.44 bits per nat.)
A good passphrase will have 64+ bits of entropy. A great passphrase
will have 128 bits. There's not much point beyond that.
Glyph = one symbol in a language. It could be a single English letter,
a single Chinese ideogram, or a single Hangul phoneme. The more glyphs
in your passphrase, the more entropy you have (usually). English
accumulates about 1.5 bits of entropy per glyph.
CSPRNG = cryptographically secure pseudorandom number generator. An
algorithm that spits out random-looking garbage. Different from a PRNG,
in that a cryptanalyst can often "break" (learn how to predict) PRNG
outputs; but CSPRNGs are hardened against these attacks.
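
Added example, not part of the original post: the definitions above turned into a small passphrase calculator and generator. The 16-word list, the function names and the seed value are constructed for illustration; the 1.5 bits per glyph figure and the 64/128-bit targets are the ones quoted in the post.

```python
import math
import random
import secrets

# Constructed 16-word list (log2(16) = 4 bits per word); real lists are far larger.
WORDS = ["amber", "birch", "cobalt", "delta", "ember", "fjord", "garnet", "harbor",
         "indigo", "juniper", "kelp", "lumen", "mesa", "nickel", "onyx", "prairie"]
ENGLISH_BITS_PER_GLYPH = 1.5  # figure quoted in the post


def entropy_bits(possibilities: int) -> float:
    """Entropy as log base-two of the number of equally likely possibilities."""
    return math.log2(possibilities)


def bits_to_nats(bits: float) -> float:
    """Convert bits to nats (natural-log units)."""
    return bits * math.log(2)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Uniformly random words required to reach target_bits."""
    return math.ceil(target_bits / entropy_bits(wordlist_size))


def english_glyphs_needed(target_bits: float) -> int:
    """Glyphs of ordinary English text required at 1.5 bits per glyph."""
    return math.ceil(target_bits / ENGLISH_BITS_PER_GLYPH)


def passphrase_csprng(n_words: int) -> str:
    """Pick words with the operating system's CSPRNG (Python's secrets module)."""
    return " ".join(secrets.choice(WORDS) for _ in range(n_words))


def passphrase_prng(n_words: int, seed: int) -> str:
    """Pick words with a seeded general-purpose PRNG: same seed, same passphrase."""
    rng = random.Random(seed)
    return " ".join(rng.choice(WORDS) for _ in range(n_words))


if __name__ == "__main__":
    for target in (64, 128):
        n = words_needed(target, len(WORDS))
        print(f"{target} bits: {n} random words, or "
              f"{english_glyphs_needed(target)} glyphs of ordinary English")
        print("  CSPRNG pick:", passphrase_csprng(n))
    # Anyone who knows or guesses the seed regenerates the identical passphrase.
    print("PRNG repeatable:", passphrase_prng(4, 2008) == passphrase_prng(4, 2008))
```

The word-count entropy only holds when every word is drawn uniformly at random; a phrase a person makes up is better estimated with the per-glyph figure.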