There is no limit on the length of a passphrase,

John W. Moore III jmoore3rd at bellsouth.net
Wed Oct 22 05:58:38 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert J. Hansen wrote:
> Morton D. Trace wrote:
>> Dear list readers I just found this article.
> 
> Be careful of anything you get off the internet.  This article is not
> especially good.

Mega Dittos!  [I know this sounds like Rush Limbaugh 'listener-speak'
but it is _all_ too TRUE!]

>> Calculating the entropy of a password is here well explained,
>> I don't know if it is mathematically correct,
> 
> [shrugs]  Yes.  No.

Understand what [shrugs] really means.....You are proposing a
mathematical challenge to a List that is really more focused upon
facilitating the 'concerned User'.  Robert is a professional
Mathematician and actually _loves_ Numbers.  If You truly want
mathematics then Email Robert direct.  Stand By to Stand By:  He will
Reply and address You as a mathematical Equal.  Fair Warning:  HE's GOOD!

He fills His refrigerator, however, the same way You & I do....He earns
a paycheck from someone who likes the way He applies His brain.  Ya
gotta understand that whenever You ask a Question that deals with
'Random Chance' Robert is gonna seriously consider it as a valid
Question from a knowledgeable/teachable Interrogator.  You _will_ learn
if You read/study the Answer from a Guy who buys gas and I'm sure
occasionally says to the Cashier "gimme a Quick Pick on the Fantasy 5"
knowing full well that the odds of winning are a gazillion to 1.

> The reality is that very few people let a CSPRNG spit out a base-64
> password for them to remember (six bits of entropy per glyph).  They're
> hard to remember.  Good passphrases are easy to remember but hard to
> guess, which means they need to be rather large pieces of text.

entropy?  CSPRNG?  glyph?  Please bear in mind that this is a 'public'
List and if at all possible Post in 'laymen's terms' or risk confusing
Every One else who reads this forum.  All the terms/words are valid but
without Full explanation You are attempting to benefit without 'sharing'
with everyone else.  [soapbox put away]

> Per Shannon's estimates, there are roughly 1.5 bits per glyph of English
> text.
> 
>> one unicode character has approx three times the entropy as one ascii
>> character.


Agreed!  Gotta A-S-K again; Who are You attempting to 'share' with?


>> I'd really like to see UTF-8 supported in GnuPG and be able to type some
>> characters from my keyboard,
> 
> UTF8 is supported.  However, your OS may not support it.  That's an
> OS-level issue, not a GnuPG issue.  My Mac supports UTF-8 just fine,
> including exotics like "circled ideograph wood".

What O/S are You using?  MUA?

>> and additionally select some cool unicode letters from a language only I
>> know.
> 
> If only you know it, then kiss randomness goodbye.  Someone who wants to
> attack your passphrase will focus their attack on symbols from languages
> you know.  The only defense is to pick randomly.

"only I know"?  Then it ain't a Language!  Language presupposes that
Others speak it among themselves.  Either it is completely 'Random' or
it is available for a Social Engineering attack.

>> Can GnuPG accept UTF-8 Characters as passphrase input?
> 
> Depends on your OS.

Short Answer = YES

> Yes, but this is a case of buying a few hundred yards of rope just to
> make _sure_ you have enough with which to hang yourself.

I would say that a Man who jumps off of an 80 Story building thinks He
is 'flying' for 79 stories.  It is always the 'sudden stop' that is
painful & permanent!

No 'HTH' here simply because I don't care.  I do believe that everyone
is entitled to a 'Bad Attitude' day.  :-\

JOHN ;)
Timestamp: Tuesday 21 Oct 2008, 23:58  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4845: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

-----END PGP SIGNATURE-----
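
The figures quoted in the thread (six bits per base-64 glyph, Shannon's roughly 1.5 bits per glyph of English text, and "the only defense is to pick randomly") can be worked through in code. This is an added example, not part of the original message or of GnuPG; the 128-bit target and the 4096-ideograph set are assumptions constructed for illustration.

```python
import math
import secrets
import string

# Base-64 glyph set from the quoted reply: 64 symbols.
BASE64_ALPHABET = string.ascii_letters + string.digits + "+/"

# Shannon's estimate for English text, as quoted in the thread (bits per glyph).
ENGLISH_BITS_PER_GLYPH = 1.5

# Constructed sample set (assumption): 4096 CJK ideographs starting at U+4E00.
CJK_ALPHABET = "".join(chr(0x4E00 + i) for i in range(4096))


def bits_per_symbol(alphabet):
    """Entropy per symbol. Holds only for uniform random picks from the set."""
    size = len(set(alphabet))  # duplicates add no entropy
    if size < 2:
        raise ValueError("need at least two distinct symbols")
    return math.log2(size)


def symbols_needed(target_bits, per_symbol_bits):
    """Smallest length that reaches target_bits at the given rate."""
    return math.ceil(target_bits / per_symbol_bits)


def random_passphrase(alphabet, target_bits):
    """Draw each symbol from the OS CSPRNG so the entropy estimate is valid."""
    symbols = sorted(set(alphabet))
    length = symbols_needed(target_bits, bits_per_symbol(symbols))
    return "".join(secrets.choice(symbols) for _ in range(length))


def compare(target_bits=128):
    """Required length per scheme for the same target strength."""
    return {
        "base64, random": symbols_needed(target_bits, bits_per_symbol(BASE64_ALPHABET)),
        "English prose": symbols_needed(target_bits, ENGLISH_BITS_PER_GLYPH),
        "4096 ideographs, random": symbols_needed(target_bits, bits_per_symbol(CJK_ALPHABET)),
    }


if __name__ == "__main__":
    for scheme, length in compare().items():
        print(f"{scheme:>24}: {length} glyphs")
    print(random_passphrase(BASE64_ALPHABET, 128))
```

The larger symbol set shortens the passphrase only because each glyph is drawn uniformly from all 4096 candidates; symbols chosen by hand from a set the attacker can guess do not earn the log2 figure.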