Diceware passphrase size
Daniel Carrera
dcarrera@math.umd.edu
Tue May 27 20:59:02 2003
--3V7upXqbjpZ4EhLz
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, May 27, 2003 at 08:07:24AM -0700, vedaal@hush.com wrote:
> if you find it hard to type in a long diceware passphrase from the=20
> commandline without looking at it, then you might find this=20
> interesting:
Well, that's not the reason why I was asking. I do type pretty fast. I=20
want to quantify the security of my passphrase.
> http://www.angelfire.com/pr/pgpf/pass-strings.html
>=20
> it is a way of using a random string of characters rather than a collecti=
on
> of words,
>=20
> initially harder to remember, but once memorized, much easier to type
It's an interesting idea. However, the keys generated by this method are=20
hard to type because:
- You'd use the shift key for about half the characters.
- About 29% of the characters would be in in remote places of the
keyboard.
I thin it could be improved:
- If you disallow the shift-key, a 12-character password would
be equivalent to a 5-word diceware passphrase.
- If you disallow the top row also you'd need 13 characters.
- If you only allow lowercase letters you'd need 14 characters.
I'll think about this. My current passphrase has 35 characters. :)
On the other hand, I can type pretty fast. Maybe the extra memmory effort=
=20
is not worth the savings in typing time.
Thanks for the link.
--=20
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html
--3V7upXqbjpZ4EhLz
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)
iD8DBQE+07XVnxE8DWHf+OcRAsY1AJ49mbfky7fdt4yMVjXibJRZadj3pwCg6oFC
e5V6X54GOedrNNtlzkAOypA=
=fdst
-----END PGP SIGNATURE-----
--3V7upXqbjpZ4EhLz--