[Q] Diceware password size

Daniel Carrera dcarrera@math.umd.edu
Tue May 27 21:28:01 2003


On Tue, May 27, 2003 at 05:46:42AM -1000, Denis McCauley wrote:

> In reality it's not that simple, I think.
> First, an attacker must know that Diceware was used. Otherwise he would
> try a dictionary attack with a much larger word base.
> Second, there are two Diceware word lists (in English), which would mean
> combining the two and having more than 7776 possibilities.
> Third, you can include spaces between the words, or not, which would
> double the search time.

Yes, I know.  But it is best to be overly pessimistic about how much the
attacker knows.  The whole point of diceware is that even if the attacker
knows *everything* about how you made your passphrase, he or she will not
be able to obtain it.

The idea is to establish a lower bound on the safety of my passphrase.

Daniel Carrera         | OpenPGP fingerprint:
Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
UMD  (301) 405-5137    | http://www.math.umd.edu/~dcarrera/pgp.html
