Entropy in ascii-armored output?

Mark H. Wood mwood at IUPUI.Edu
Mon Aug 1 16:00:14 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 29 Jul 2005, Chris De Young wrote:
> Some people have started to suggest that actually writing down passwords, if
> they're kept in a secure place, might not be a bad idea; the rationale is that
> passwords which can be considered "good" are reaching the point of being
> un-memorizable.

http://www.adel.nursat.kz/apg/

I find many FIPS-181 "words" to be significantly more memorable than
unconstrained strings of random printables and they should be reasonably
strong if they're not too short.  VMS' SET PASSWORD/GENERATE command
supposedly uses this method and has been in the field for many years.

If you need a really long secret you could always make up a "sentence" of
shorter FIPS-181 "words".  It might be easier to remember than one long
string.

- -- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQFC7irzs/NR4JuTKG8RAgXWAJwKRWGGmCltgG3Sv/evhXTPSsfAwQCfbt94
T0O4dbanNLPhpcfPvxnKYoo=
=RvlX
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list