[Q] Diceware password size
Tue May 27 21:28:01 2003
Content-Type: text/plain; charset=us-ascii
On Tue, May 27, 2003 at 05:46:42AM -1000, Denis McCauley wrote:
> In reality it's not that simple, I think.=20
> First, an attacker must know that Diceware was used. Otherwise he would
> try a dictionary attack with a much large word base.
> Second, there are two Diceware word lists (in English), which would mean
> combining the two and having more than 7776 possibilities.
> Third, you can include spaces between the words, or not, which would
> double the search time.
Yes, I know. But it is best to be overly pesimistic about how much the=20
attcker knows. The whole point of diceware is that even if the attacker=20
knows *everything* about how you made your passphrase, he or she will not=
be able to obtain it.
The idea is to stablish an lower bound on the safety of my passphrase.
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)
-----END PGP SIGNATURE-----