Entropy in ascii-armored output?
Mark H. Wood
mwood at IUPUI.Edu
Mon Aug 1 16:00:14 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 29 Jul 2005, Chris De Young wrote:
> Some people have started to suggest that actually writing down passwords, if
> they're kept in a secure place, might not be a bad idea; the rationale is that
> passwords which can be considered "good" are reaching the point of being
> un-memorizable.
http://www.adel.nursat.kz/apg/
I find many FIPS-181 "words" to be significantly more memorable than
unconstrained strings of random printables and they should be reasonably
strong if they're not too short. VMS' SET PASSWORD/GENERATE command
supposedly uses this method and has been in the field for many years.
If you need a really long secret you could always make up a "sentence" of
shorter FIPS-181 "words". It might be easier to remember than one long
string.
- --
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Open-source executable: $0.00. Source: $0.00 Control: priceless!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/
iD8DBQFC7irzs/NR4JuTKG8RAgXWAJwKRWGGmCltgG3Sv/evhXTPSsfAwQCfbt94
T0O4dbanNLPhpcfPvxnKYoo=
=RvlX
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list