key security
Mike Touloumtzis
miket@bluemug.com
Thu Apr 11 18:53:02 2002

On Tue, Apr 09, 2002 at 06:14:23PM -0700, miket wrote:
>
> Assuming GPG's hash is sound: If a passphrase consists of _truly_ random
> characters from, say, a set of 64 printable characters such as the ones
> used for Base64 encoding, then each character contributes log_2(64) ==
> 6 bits to the entropy of the passphrase. So a 22-character passphrase
> using this approach represents 132 bits of entropy; thus at this point
> the passphrase is not the weak link in a 128 bit cryptosystem. You can
> generate passphrases like this very easily: just base64 encode chunks
> of /dev/random:
>
> $ head -c 22 /dev/random | uuencode -m -

To correct an error: this should be "head -c 16" (as another poster
suggested as well) for 128 bits of passphrase randomness. We want to
measure the randomness by what comes out of /dev/random, not what comes
out of uuencode.

miket
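
The correction above, worked through as an added example that is not part of the original post: the byte count passed to head is derived from the target entropy, and the resulting Base64 length is computed separately. Assumptions: coreutils base64 stands in for "uuencode -m -", the function names are hypothetical, and the optional second argument (random source) is an addition.

```shell
#!/bin/sh
# Added example (not from the original post).
# Entropy is set by the bytes read from the random source, not by the
# number of characters that come out of the encoder.

# bytes_for_bits BITS -> whole bytes needed to carry BITS of entropy
bytes_for_bits() {
    echo $(( ($1 + 7) / 8 ))
}

# b64_chars_for_bytes N -> unpadded Base64 characters produced by N bytes
b64_chars_for_bytes() {
    echo $(( ($1 * 8 + 5) / 6 ))
}

# gen_passphrase BITS [SOURCE] -> unpadded Base64 passphrase
# SOURCE defaults to /dev/random as in the post (assumed optional argument).
gen_passphrase() {
    bits=$1
    src=${2:-/dev/random}
    n=$(bytes_for_bits "$bits")
    # base64 replaces `uuencode -m -`; strip padding and line breaks
    head -c "$n" "$src" | base64 | tr -d '=\n'
}

# Compare the original command's byte count with the corrected one.
compare() {
    for n in 22 16; do
        echo "head -c $n: $(( n * 8 )) bits in, $(b64_chars_for_bytes "$n") chars out"
    done
}
```

Running compare shows that 22 input bytes encode to 30 characters carrying 176 bits, while 16 input bytes encode to 22 characters carrying 128 bits.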