(no subject)

Ryan Malayter rmalayter@bai.org
Wed May 29 19:01:01 2002

From: jed mallen [mailto:jedmallen@hotmail.com]
>A passphrase-strength-analyzer anyone?

This is nearly impossible, unless the method for generating the pass
phrase is known, or a standard method for pass phrase generation,
like the one at www.diceware.com, is used.

For example, the pass phrase "Ryan is great" isn't very high-quality
if it's mine, since my first name is Ryan. If it's your pass phrase,
the pass phrase is a bit better, but still no better than 53 bits of
entropy: 3*log2(250000). This is because there are about 250000
English words, and you're using three of them.

If your pass phrase is composed of random characters, the formula for
bit strength is simple: N*log2(M), where N is the number of
characters in the passphrase, and M is the number of allowed
characters. For a U.S. keyboard and a 12 character passphrase, this
works out to about 12*log2(95), or 79 bits of entropy - about
equivalent to the 1024-bit private key it protects.


A fanatic is one who can't change his mind and won't change the
        -Sir Winston Churchill

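The two formulas from the message above, as an added example that is not part of the original post: it scores the same string under three assumed generation methods, which shows why an analyzer that sees only the pass phrase cannot settle on one figure. The function names are illustrative, and the Diceware list size of 7776 words is an assumption brought in from outside the post.

```python
import math

US_KEYBOARD = 95         # printable characters, the figure used in the post
ENGLISH_WORDS = 250000   # rough English vocabulary, the figure used in the post
DICEWARE_WORDS = 7776    # assumption: standard Diceware list size (6**5)


def random_char_bits(n_chars, alphabet=US_KEYBOARD):
    """N*log2(M) for N characters drawn uniformly from M symbols."""
    return n_chars * math.log2(alphabet)


def random_word_bits(n_words, wordlist):
    """Same formula with words as the symbols: N*log2(list size)."""
    return n_words * math.log2(wordlist)


def words_needed(target_bits, wordlist):
    """Smallest number of uniformly chosen words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist))


def compare_models(passphrase):
    """Score one string under each assumed generation method.

    Each figure is an upper bound that holds only if the phrase really was
    produced that way; a phrase chosen by a person (a name, a quote) has
    less entropy than any of them.
    """
    n_chars = len(passphrase)
    n_words = len(passphrase.split())
    return {
        "random characters": random_char_bits(n_chars),
        "random English words": random_word_bits(n_words, ENGLISH_WORDS),
        "random Diceware words": random_word_bits(n_words, DICEWARE_WORDS),
    }


if __name__ == "__main__":
    for model, bits in compare_models("Ryan is great").items():
        print(f"{model:24s} {bits:5.1f} bits")
    target = random_char_bits(12)
    print(f"12 random characters: {target:.1f} bits")
    print("Diceware words to match:", words_needed(target, DICEWARE_WORDS))
```
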