passphrase or random characters the safest

Roscoe eocsor at
Sat May 28 13:42:39 CEST 2005


A 128bit key has 340282366920938463463374607431768211456 possible combinations

Lets say there are about 100000 words in your dictionary. Lets also
say there are about 100 different characters on your keyboard.

Now for password of random characters we would need:
log(340282366920938463463374607431768211456)/log(100) =
20 chars.

For a password of random words we would need:
log(340282366920938463463374607431768211456)/log(100000) =
8 words.

So I'm going to have to disagree with your 5 words is better then 20
letters[1]. Even if we use a 500000 word dictionary (eg: the number in
the OED) then thats still 7 words.

Now, thats with randomly picked words. If you want to have some
coherence to your string of words then thats only going to increase
the number of words needed.

[1]: This is all pretty arbitary though, I mean your dictionary size
and number of keys on keyboard may well be different to mine so while
I disagree I'm not going to say I'm more right then you or that you
are wrong.

On 5/28/05, Per Tunedal Casual <pt at> wrote:
> Hash: SHA1
> Hi,
> I once again ponder over wether a passphrase is safer than a string of
> random characters.
> It's easy to compute the strength of a random string  of characters. About
> 20 - 25 characters (a-z, A-Z, 0-9 and special characters) would correspond
> to a 128-bit symmetric key.
> But what about a passphrase. Many people argue that a random looking
> password of the initials in a passphrase is fairly safe:  Byu!IAiw?Tai42 .
> But it could be attacked with a dictionary attack, "because it comes from
> real words". How safe is it then?
> A plain text sentence would be worse, because it would be more easily
> attacked, some people argue.
> But I read a discussion about TrueCrypt and someone argued:
> "You could create a "real sentence" from ANY randomly generated password,
> since any letter in the password could be the first letter of literally
> *thousands* of words. So how could a dictionary attack differentiate
> between the password mentioned above, and a truely random one?"
> I would argue that:
> 1.  Five (5) random words would be safer than a random string of 20
> characters. There are far more words than there are characters. The entropy
> for each word would be about 12.9 bits according to the diceware page
> . A character would have an entropy of 1.9.
> 2. In an ordinary sentence, each word would have an entropy of 1-1.4 bits.
> If we set the entropy to 1.2 we would need approximately 38.53/1.2 words =
> 32 Words, if the entropy is 1.4 only 27 words!
> Why so many words? Because words are easy to guess with help of the context.
> A passphrase of 10 words would be OK if the entropy was 3.9 - it must seem
> fairly random then. An entropy of 7.7 would make 5 words sufficient.
> I prefer passphrases because they are easier to remember than 20 random
> characters. True random words are slightly harder to remember than a phrase.
> Questions:
> How to make a short passphrase look random enough?
> How can I compute the strength (entropy)?
> Is experiments with live persons guessing passphrases the only way to
> compute the strength? Do you know of any such experiment? Or can you set up
> one at your university? It would be very interesting to compare different
> strategies of randomising the passphrase.
> Vänligen
> Per Tunedal
> Civ. ing. Civ. ek.
> S:t Mickelsgatan 148
> 129 44 Hägersten
> Telefon: 08-646 34 83
> Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959
> Comment: Vad är en PGP-signatur?
> iD8DBQFCmCgBpPsTvNtsBX8RAiFDAJ499TQghIEUbyR+ww1cMD2hozAUjgCfQ5uN
> =YjoZ
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

More information about the Gnupg-users mailing list