Security of message when private key is exposed but password isn't?

Konrad Podloucky
Wed Aug 28 15:00:02 2002

On Wed, 2002-08-28 at 14:18, Adrian 'Dagurashibanipal' von Bidder wrote:
> With normal English text, you gain about 1 bit entropy per character. If
> you are a bit careful, but still want to have a typeable and memorizable
> password, I'd guess you won't go far beyond 4 or 5 bits per
> character[1], so at least a 25 characters long password would be
> necessary. Even with a purely random password, if you're restricting
> yourself to typeable characters you won't have much more than 6 bit
> entropy (you'll probably want to avoid non-ascii characters to avoid
> interoperation problems).
On a related note:
"[...] Remember, though, that there are only about 1.4 bits of
randomness per character in standard English. You're going to want at
least a 64-character passphrase to make this secure; I recommend at
least 80 characters, just in case. Sorry; you just can't get good
security with a shorter key.[...]" (from Bruce Schneier's "The Solitaire
Encryption Algorithm")

Personally I like to use quotes, stupid riddles or passages from books
as passphrases (it's pretty easy to remember phrases with a length of
100 characters that way).

"Life," said Marvin dolefully, "loathe it or ignore it, you can't like
it."      --Douglas Adams, "The Hitchhiker's Guide to the Galaxy"
