Entropy in ascii-armored output?
Atom Smasher
atom at smasher.org
Sat Jul 30 07:44:41 CEST 2005
check out <http://diceware.com/>.
something like:
$ head -4 /dev/urandom | gpg --enarmor
will produce much better "random" output than encrypted output. encrypted
output can be filled with information that is not at all random, such as
partial body length headers.
of course, base64 is limited to little more than half of the characters
that you could be using on an english keyboard... let's say that there are
100 printable characters available on an english keyboard. (according to
my math) a 10 character password using only base64 characters can contain
up to 60 bits of entropy, but allowing 100 possible characters it can
contain almost 66.5 bits of entropy. using 20 characters, it's 120 bits
for base64 and almost 133 bits otherwise.
personally, i find diceware ~type~ passphrases easier to remember than
gibberish.
--
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"We have a saying in our company.
Our competitors are our friends.
Our customers are the enemy."
-- James Randall,
Archer Daniels Midland Corporation,
("ADM, Supermarket to the world")
quoted in Fortune magazine 4/26/99
More information about the Gnupg-users
mailing list