[Q] Diceware password size
Daniel Carrera
dcarrera@math.umd.edu
Tue May 27 21:28:01 2003
On Tue, May 27, 2003 at 05:46:42AM -1000, Denis McCauley wrote:
> In reality it's not that simple, I think.
>
> First, an attacker must know that Diceware was used. Otherwise he would
> try a dictionary attack with a much larger word base.
>
> Second, there are two Diceware word lists (in English), which would mean
> combining the two and having more than 7776 possibilities.
>
> Third, you can include spaces between the words, or not, which would
> double the search time.
Yes, I know. But it is best to be overly pessimistic about how much the
attacker knows. The whole point of diceware is that even if the attacker
knows *everything* about how you made your passphrase, he or she will not
be able to obtain it.
The idea is to establish a lower bound on the safety of my passphrase.
Cheers,
-- 
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html
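
Added example, not part of the original message: a short calculation of the lower bound discussed above, set against the extra attacker work the quoted points would add. The 7776-word list size is from the thread; the combined list size of 15552 (two fully disjoint lists, the most generous case) and the function names are assumptions made for illustration.

```python
import math

DICEWARE_LIST_SIZE = 7776  # 6**5: five dice rolls select one word (figure from the thread)


def lower_bound_bits(words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Entropy in bits when the attacker knows the list, the word count
    and the separator convention, i.e. everything except the dice rolls."""
    return words * math.log2(list_size)


def obscurity_bonus_bits(words: int, combined_list_size: int,
                         separator_choices: int = 2) -> float:
    """Extra bits of work if the attacker must instead search a combined
    word list and try each separator convention (spaces or no spaces)."""
    uninformed = (words * math.log2(combined_list_size)
                  + math.log2(separator_choices))
    return uninformed - lower_bound_bits(words)


def words_needed(target_bits: float,
                 list_size: int = DICEWARE_LIST_SIZE) -> int:
    """Smallest word count whose lower bound meets the target."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    # Assumption: two disjoint 7776-word lists merged into one search space.
    combined = 2 * DICEWARE_LIST_SIZE
    per_word = math.log2(DICEWARE_LIST_SIZE)
    print(f"one extra word adds {per_word:.2f} bits")
    for n in range(4, 9):
        base = lower_bound_bits(n)
        bonus = obscurity_bonus_bits(n, combined)
        print(f"{n} words: lower bound {base:6.2f} bits, "
              f"unknown list + separator adds at most {bonus:.2f} bits")
```

For a five-word passphrase the unknowns add at most 6 bits under these assumptions, less than half of the roughly 12.9 bits gained by rolling one more word, and none of it can be counted on if the attacker does know the method.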