passphrase or random characters the safest
Per Tunedal Casual
pt at radvis.nu
Tue May 31 23:13:56 CEST 2005
At 20:58 2005-05-30, you wrote:
>"Roscoe" <eocsor at gmail.com> wrote:
>
>> Let's say there are about 100000 words in your dictionary. Let's also
>> say there are about 100 different characters on your keyboard.
>>
>> Now for password of random characters we would need:
>> log(340282366920938463463374607431768211456)/log(100) 20 chars.
>>
>> For a password of random words we would need:
>> log(340282366920938463463374607431768211456)/log(100000) 8 words.
>>
>> So I'm going to have to disagree with your 5 words is better than 20
>> letters[1]. Even if we use a 500000 word dictionary (eg: the number in
>> the OED) then that's still 7 words.
>>
>> Now, that's with randomly picked words. If you want to have some
>> coherence to your string of words then that's only going to increase
>> the number of words needed.
>
>If you want to use words, then I would suggest that you select them from
>different languages. Then the attacker will have to use a very large
>dictionary, one containing all words from all languages, if she or he
>doesn't know or can't guess from which languages you have selected your
>words. This kind of passphrase will still be relatively vulnerable to a
>brute force attack, since the attacker can limit the characters used in
>the attack to letters, so throwing in a few special characters between the
>words is a good idea.
>
>Oskar
>
Thank you Oskar for this idea - it's new to me. Increasing the search space
by using several languages is a very easy way to improve the security of a
passphrase or a collection of random words. Someone who wants to do some
calculations? What about say 1, 2, 3, 4 and 5 languages. How many random
words are needed to match a 128-bit key?
Per Tunedal
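
The calculation asked for above, as an added example that is not part of the original message. It assumes each language contributes 100000 words with no overlap, that words are drawn uniformly at random from the combined list, and that the optional separator is one random character from a constructed set of 30 symbols placed between adjacent words.

```python
# Added example: count the uniformly random words needed to match a key size.
TARGET_BITS = 128
WORDS_PER_LANGUAGE = 100_000   # dictionary size used in the quoted message
SEPARATOR_CHOICES = 30         # assumption: size of the special-character set


def units_needed(pool_size, target_bits=TARGET_BITS, separators=1):
    """Smallest n with pool_size**n * separators**(n-1) >= 2**target_bits.

    Uses exact integer arithmetic, so there is no floating-point rounding
    at the boundary. separators=1 means no random separator between units.
    """
    if pool_size < 2 or separators < 1:
        raise ValueError("pool needs >= 2 items and separators >= 1")
    target = 1 << target_bits
    n, combos = 1, pool_size
    while combos < target:
        combos *= pool_size * separators  # one more separator and one more unit
        n += 1
    return n


def words_by_language_count(max_languages=5, separators=1):
    """Map number of languages -> words needed, assuming disjoint word lists."""
    return {
        k: units_needed(k * WORDS_PER_LANGUAGE, separators=separators)
        for k in range(1, max_languages + 1)
    }


if __name__ == "__main__":
    print("random characters from 100 symbols:", units_needed(100))
    for k, n in words_by_language_count().items():
        print(f"{k} language(s): {n} words")
    for k, n in words_by_language_count(separators=SEPARATOR_CHOICES).items():
        print(f"{k} language(s) with random separators: {n} words")
```

Because the word count grows only with the logarithm of the dictionary size, going from one to five languages saves a single word under these assumptions.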