Security of message when private key is exposed but password isn't?

Konrad Podloucky konrad@crunchy-frog.org
Wed Aug 28 15:00:02 2002



On Wed, 2002-08-28 at 14:18, Adrian 'Dagurashibanipal' von Bidder wrote:
>[...]
>
> With normal English text, you gain about 1 bit entropy per character. If
> you are a bit careful, but still want to have a typeable and memorizable
> password, I'd guess you won't go far beyond 4 or 5 bits per
> character[1], so at least a 25 characters long password would be
> necessary. Even with a purely random password, if you're restricting
> yourself to typeable characters you won't have much more than 6 bit
> entropy (you'll probably want to avoid non-ascii characters to avoid
> interoperation problems).
>
On a related note:
"[...] Remember, though, that there are only about 1.4 bits of
randomness per character in standard English. You're going to want at
least an 64-character passphrase to make this secure; I recommend at
least 80 characters, just in case. Sorry; you just can't get good
security with a shorter key.[...]" (from Bruce Schneier's "The Solitaire
Encryption Algorithm" http://www.counterpane.com/solitaire.html)

Personally I like to use quotes, stupid riddles or passages from books
as passphrases (it's pretty easy to remember phrases with a length of
100 characters that way).

Cheers,
	KP
-- 
"Life," said Marvin dolefully, "loathe it or ignore it, you can't like
it."      --Douglas Adams, "The Hitchhiker's Guide to the Galaxy"
