[Q] Diceware password size

Brian Minton bminton@efn.org
Wed May 28 02:07:02 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, May 27, 2003 at 05:46:42AM -1000, Denis McCauley wrote:
> Third, you can include spaces between the words, or not, which would
> double the search time.

Yes, but this is not completely true.  For instance, without spaces,
some passphrases are equivalent: consider the following extremely insecure
two-word passphrases
the mice
them ice

Now, if an attacker tries one of these, w/o spaces, the other one is free.
This decreases the potential number of passphrases.  It is therefore
recommended to use spaces.

- -- 
Brian Minton             |    OpenPGP fingerprint:     
brian@minton.name        |    81BE 3A84 A502 ABDD B2CC
http://brian.minton.name |    4BFD 7227 8820 5703 7472   
Live long, and prosper longer!       KeyID: 0x57037472
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+0/2HcieIIFcDdHIRAphkAKDQDCbXy0VOXOrpfgqjXzsX04qKBACfZlIl
qwP27SnHNbrHH+htgS+zIfI=
=4Ul/
-----END PGP SIGNATURE-----
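
Added example, not part of the original post: a short Python check that measures the effect described above on a word list, by grouping word sequences that become the same string once the spaces are dropped. The word list and the function names are constructed for illustration; it is not the real Diceware list.

```python
from collections import defaultdict
from itertools import product

# Constructed sample list (assumption, not the real Diceware list); it
# contains the post's "the mice" / "them ice" pair plus two filler words.
WORDS = ["the", "them", "mice", "ice", "cat", "dog"]


def joined_collisions(words, n=2):
    """Group n-word passphrases by their space-free concatenation and
    return only the strings that more than one word sequence produces."""
    groups = defaultdict(list)
    for combo in product(words, repeat=n):
        groups["".join(combo)].append(combo)
    return {s: combos for s, combos in groups.items() if len(combos) > 1}


def keyspace(words, n=2):
    """Return (with_spaces, without_spaces): the number of distinct
    n-word passphrases an attacker has to cover in each case."""
    with_spaces = len(words) ** n
    without_spaces = len({"".join(c) for c in product(words, repeat=n)})
    return with_spaces, without_spaces


if __name__ == "__main__":
    for joined, combos in joined_collisions(WORDS).items():
        print(joined, "<-", [" ".join(c) for c in combos])
    for n in (2, 3):
        spaced, unspaced = keyspace(WORDS, n)
        print(f"{n} words: {spaced} with spaces, {unspaced} without")
```

The same functions can be pointed at a full word list loaded from a file; the enumeration is exhaustive, so keep n small for large lists.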