AW: Passphrasecheckwebsites

Mortimer Graf zu Eulenburg
Thu May 30 10:32:01 2002

Regardless of quality provides a rough check
and gives you hint how long it would take to brute-force the phrase with a
Pentium 1 Gig.

They also analyse the phrase if it consists of well known words or often
used characters.

Hope it helps, the site is in German but well understandable for english


->-----Ursprüngliche Nachricht-----
->Von: []Im
->Auftrag von Ryan Malayter
->Gesendet: Mittwoch, 29. Mai 2002 19:01
->An: jed mallen;
->Betreff: RE: (no subject)
->Hash: SHA1
->From: jed mallen []
->>A passphrase-strength-analyzer anyone?
->This is nearly impossible, unless the method for generating the pass
->phrase is known, or a standard method for pass phrase generation,
->like the one at, is used.
->For example, the pass phrase "Ryan is great" isn't very high-quality
->if it's mine, since my first name is Ryan. If it's your pass phrase,
->the pass phrase is a bit better, but still no better than 53 bits of
->entropy: 3*log2(250000). This is because there are about 250000
->English words, and you're using three of them.
->If your pass phrase is composed of random characters, the formula for
->bit strength is simple: N*log2(M), where N is the number of
->characters in the passphrase, and M is the number of allowed
->characters. For a U.S. keyboard and a 12 character passphrase, this
->works out to about 12*log2(95), or 79 bits of entropy - about
->equivalent to the 1024-bit private key it protects.
->	-ryan-
->A fanatic is one who can't change his mind and won't change the
->        -Sir Winston Churchill
->Version: GnuPG v1.0.6-2 (MingW32) - WinPT 0.5.7
->Comment: For info see
->Gnupg-users mailing list