Mortimer Graf zu Eulenburg
Thu May 30 10:32:01 2002
Regardless of quality http://www.cnlab.ch/pwcheck/ provides a rough check
and gives you hint how long it would take to brute-force the phrase with a
Pentium 1 Gig.
They also analyse the phrase if it consists of well known words or often
Hope it helps, the site is in German but well understandable for english
->Von: firstname.lastname@example.org [mailto:email@example.com]Im
->Auftrag von Ryan Malayter
->Gesendet: Mittwoch, 29. Mai 2002 19:01
->An: jed mallen; firstname.lastname@example.org
->Betreff: RE: (no subject)
->-----BEGIN PGP SIGNED MESSAGE-----
->From: jed mallen [mailto:email@example.com]
->>A passphrase-strength-analyzer anyone?
->This is nearly impossible, unless the method for generating the pass
->phrase is known, or a standard method for pass phrase generation,
->like the one at www.diceware.com, is used.
->For example, the pass phrase "Ryan is great" isn't very high-quality
->if it's mine, since my first name is Ryan. If it's your pass phrase,
->the pass phrase is a bit better, but still no better than 53 bits of
->entropy: 3*log2(250000). This is because there are about 250000
->English words, and you're using three of them.
->If your pass phrase is composed of random characters, the formula for
->bit strength is simple: N*log2(M), where N is the number of
->characters in the passphrase, and M is the number of allowed
->characters. For a U.S. keyboard and a 12 character passphrase, this
->works out to about 12*log2(95), or 79 bits of entropy - about
->equivalent to the 1024-bit private key it protects.
->A fanatic is one who can't change his mind and won't change the
-> -Sir Winston Churchill
->-----BEGIN PGP SIGNATURE-----
->Version: GnuPG v1.0.6-2 (MingW32) - WinPT 0.5.7
->Comment: For info see http://www.gnupg.org
->-----END PGP SIGNATURE-----
->Gnupg-users mailing list