Diceware passphrase size

Daniel Carrera dcarrera@math.umd.edu
Tue May 27 20:59:02 2003

On Tue, May 27, 2003 at 08:07:24AM -0700, vedaal@hush.com wrote:

> if you find it hard to type in a long diceware passphrase from the
> commandline without looking at it, then you might find this
> interesting:

Well, that's not the reason why I was asking.  I do type pretty fast.  I
want to quantify the security of my passphrase.

> http://www.angelfire.com/pr/pgpf/pass-strings.html
> it is a way of using a random string of characters rather than a collection
> of words,
> initially harder to remember, but once memorized, much easier to type

It's an interesting idea. However, the keys generated by this method are
hard to type because:
   - You'd use the shift key for about half the characters.
   - About 29% of the characters would be in remote places of the

I think it could be improved:

  - If you disallow the shift-key, a 12-character password would
    be equivalent to a 5-word diceware passphrase.

  - If you disallow the top row also you'd need 13 characters.

  - If you only allow lowercase letters you'd need 14 characters.

I'll think about this.  My current passphrase has 35 characters. :)
On the other hand, I can type pretty fast.  Maybe the extra memory effort
is not worth the savings in typing time.

Thanks for the link.

Daniel Carrera         | OpenPGP fingerprint:
Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
UMD  (301) 405-5137    | http://www.math.umd.edu/~dcarrera/pgp.html

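The 12, 13 and 14 character figures in the message above can be reproduced by comparing keyspace sizes against a 5-word Diceware passphrase (7776^5). This is an added example, not part of the original message; it assumes a US QWERTY layout with 47 printable keys reachable without shift, 13 of them on the top row, which the message does not state.

```python
import secrets
import string

DICEWARE_WORDS = 7776  # 6**5 entries in the Diceware list (five dice per word)

# Assumed US QWERTY layout (not stated in the message): 47 printable keys
# reachable without shift, 13 of them on the top row. Space is excluded.
TOP_ROW = "`1234567890-="
NO_SHIFT = string.ascii_lowercase + TOP_ROW + "[]\\;',./"
NO_SHIFT_NO_TOP = "".join(c for c in NO_SHIFT if c not in TOP_ROW)
LOWERCASE = string.ascii_lowercase


def min_length(alphabet_size: int, words: int = 5) -> int:
    """Smallest n with alphabet_size**n >= 7776**words.

    Integer comparison avoids floating-point error at the boundary.
    """
    if alphabet_size < 2:
        raise ValueError("alphabet needs at least two symbols")
    target = DICEWARE_WORDS ** words
    n, space = 0, 1
    while space < target:
        space *= alphabet_size
        n += 1
    return n


def random_string(alphabet: str, words: int = 5) -> str:
    """Uniform random string at least as strong as `words` Diceware words."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet contains duplicate symbols")
    n = min_length(len(alphabet), words)
    # secrets draws from the OS CSPRNG; random.choice would not be suitable.
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    for name, alpha in [("no shift", NO_SHIFT),
                        ("no shift, no top row", NO_SHIFT_NO_TOP),
                        ("lowercase only", LOWERCASE)]:
        print(f"{name:22} {len(alpha):2} symbols -> "
              f"{min_length(len(alpha))} chars  e.g. {random_string(alpha)}")
```

The equivalence only holds when every character is drawn uniformly and independently, as `secrets.choice` does here; a string chosen or adjusted by hand has less entropy than its length suggests.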