Security of message when private key is exposed but password isn't?

Brian Minton minton@csc.smsu.edu
Sun Sep 1 23:48:02 2002



On Wed, Aug 28, 2002 at 02:18:08PM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
> With normal English text, you gain about 1 bit entropy per character. If
> you are a bit careful, but still want to have a typeable and memorizable
> password, I'd guess you won't go far beyond 4 or 5 bits per
> character[1], so at least a 25 characters long password would be
> necessary. Even with a purely random password, if you're restricting
> yourself to typeable characters you won't have much more than 6 bit
> entropy (you'll probably want to avoid non-ascii characters to avoid
> interoperation problems).

I recommend diceware... roll some dice, get a true random passphrase using
English words (easy to remember after typing several times) and you can get
12.92 bits per word, so a 5 word passphrase has 64 bits of entropy.  For 128
bits, you need 10 words, etc.

-- 
Brian Minton
minton@csc.smsu.edu
Caution: in case of rapture, this computer will be unoccupied!
PGP 0xE177AFF0 fingerprint AB94 E395 78CE 0967 2542 A7B3 178C 3E66 E177 AFF0
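
The arithmetic and dice-to-word mapping behind the Diceware suggestion above, as an added example that is not part of the original message. It assumes the standard five-dice, 7776-word scheme; the OS CSPRNG stands in for physical dice, and CONSTRUCTED_LIST is a placeholder for a real word list.

```python
import math
import secrets

DICE_PER_WORD = 5                     # assumption: standard Diceware, five dice per word
LIST_SIZE = 6 ** DICE_PER_WORD        # 7776 equally likely words
BITS_PER_WORD = math.log2(LIST_SIZE)  # about 12.92 bits per word

# Constructed placeholder list; a real deployment loads a published 7776-word list.
CONSTRUCTED_LIST = [f"word{i:04d}" for i in range(LIST_SIZE)]

_DICE = secrets.SystemRandom()        # OS CSPRNG standing in for physical dice


def words_needed(target_bits):
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / BITS_PER_WORD)


def chars_needed(target_bits, bits_per_char):
    """Password length needed at a given entropy estimate per character."""
    return math.ceil(target_bits / bits_per_char)


def roll_key():
    """Roll five dice and return the key, for example '16234'."""
    return "".join(str(_DICE.randint(1, 6)) for _ in range(DICE_PER_WORD))


def key_to_index(key):
    """Map a dice key to a 0-based row of a list sorted by key (base-6 digits)."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a {DICE_PER_WORD}-dice key: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)
    return index


def passphrase(wordlist, n_words, roll=roll_key):
    """Pick n_words independently; duplicates in the list would lower entropy."""
    if len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold 7776 distinct words")
    return " ".join(wordlist[key_to_index(roll())] for _ in range(n_words))


if __name__ == "__main__":
    print(f"{BITS_PER_WORD:.2f} bits/word, {words_needed(128)} words for 128 bits")
    print(passphrase(CONSTRUCTED_LIST, words_needed(64)))
```

The entropy figure holds only when every word is chosen by an independent roll; re-rolling until the phrase looks pleasing reduces it.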
