passphrase or random characters the safest

Per Tunedal Casual pt at
Tue May 31 23:13:56 CEST 2005


At 20:58 2005-05-30, you wrote:
 >"Roscoe" <eocsor at> wrote:
 >> Let's say there are about 100000 words in your dictionary. Let's also
 >> say there are about 100 different characters on your keyboard.
 >> Now for password of random characters we would need:
 >> log(340282366920938463463374607431768211456)/log(100) 20 chars.
 >> For a password of random words we would need:
 >> log(340282366920938463463374607431768211456)/log(100000) 8 words.
 >> So I'm going to have to disagree with your 5 words is better than 20
 >> letters[1]. Even if we use a 500000 word dictionary (eg: the number in
 >> the OED) then that's still 7 words.
 >> Now, that's with randomly picked words. If you want to have some
 >> coherence to your string of words then thats only going to increase
 >> the number of words needed.
 >If you want to use words, then I would suggest that you select them from
 >different languages. Then the attacker will have to use a very large
 >dictionary, one containing all words from all languages, if she or he
 >doesn't know or can't guess from which languages you have selected your
 >words. This kind of passphrase will still be relatively vulnerable to a
 >brute force attack, since the attacker can limit the characters used in
 >the attack to letters, so throwing in a few special characters between the
 >words is a good idea.

Thank you Oskar for this idea - it's new to me. Increasing the search space
by using several languages is a very easy way to improve the security of a
passphrase or a collection of random words. Someone who wants to do some
calculations? What about, say, 1, 2, 3, 4 and 5 languages? How many random
words are needed to match a 128 bit key?

Per Tunedal
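
Added example (not part of the original message): the calculation asked for above, done in exact integer arithmetic. It assumes every language contributes 100000 non-overlapping words (Roscoe's dictionary size), that words are picked uniformly at random, and, for the separator column, that one of 32 special characters is picked at random between each pair of words; the function names and the figure of 32 are assumptions of this example.

```python
import math

TARGET_BITS = 128             # key size the thread compares against
WORDS_PER_LANGUAGE = 100_000  # Roscoe's figure; assumed the same for every language
SEPARATORS = 32               # assumed count of special characters usable between words


def units_needed(choices, target_bits=TARGET_BITS, seps=1):
    """Smallest n with choices**n * seps**(n-1) >= 2**target_bits.

    Integer arithmetic avoids floating-point rounding near the boundary.
    seps=1 models a passphrase with no random separator between units.
    """
    if choices < 2 or seps < 1:
        raise ValueError("need at least two equally likely choices")
    goal = 1 << target_bits
    n, space = 1, choices
    while space < goal:
        space *= choices * seps   # one more unit plus the separator before it
        n += 1
    return n


def bits(choices, n, seps=1):
    """Entropy in bits of n uniformly chosen units with n-1 random separators."""
    return n * math.log2(choices) + (n - 1) * math.log2(seps)


def language_table(max_languages=5):
    """Rows of (languages, dictionary size, words needed, words needed with separators)."""
    rows = []
    for k in range(1, max_languages + 1):
        size = k * WORDS_PER_LANGUAGE  # assumes the dictionaries do not overlap
        rows.append((k, size, units_needed(size),
                     units_needed(size, seps=SEPARATORS)))
    return rows


if __name__ == "__main__":
    print("random characters from 100 symbols:", units_needed(100))
    for k, size, plain, with_sep in language_table():
        print(f"{k} language(s), {size} words: {plain} words "
              f"({bits(size, plain):.1f} bits), or {with_sep} words with "
              f"separators ({bits(size, with_sep, SEPARATORS):.1f} bits)")
```

Because the count grows only with the logarithm of the dictionary size, five languages save a single word over one language, while a random separator between words saves one or two.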


