Which release should we be using?

David Tomaschik david at systemoverlord.com
Fri Aug 26 20:08:55 CEST 2011


On Fri, Aug 26, 2011 at 12:31 PM, Faramir <faramir.cl at gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 26-08-2011 12:35, Aaron Toponce wrote:
> ...
>> Also, 62-character passphrase might be a bit extreme, giving you a
>> false sense of security. Using a truly random sequence of characters
>> from the 94-printable ASCII pool of characters, a 12-character
>> passphrase provides you with about 78 bits of entropy. If you think
>
>  According to KeePass strength measurer, you can get more than 128 bits
> with just 30 characters (including some symbols of course).
>
>  Usually we want strong passphrases to keep things safe while stored on
> not-so-safe places, like attached to an email message on a mail server.
>
>  Best Regards

I really like KeePass, but the strength measure it provides is nearly
meaningless.  It assumes 8 bits of entropy per symbol, which is, as
Aaron pointed out, wrong.  Suggested readings:
https://secure.wikimedia.org/wikipedia/en/wiki/Entropy_%28information_theory%29,
https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength and
NIST publication 800-63.


-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
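
The arithmetic behind the figures in this thread, as an added example (not code from either poster, and not KeePass code): the entropy of a uniformly random passphrase over the 94 printable ASCII characters, next to a fixed 8 bits per symbol estimate as the reply above describes it. The function names are hypothetical, and the entropy figures assume every character is chosen independently by a CSPRNG.

```python
import math
import secrets
import string

# 94 printable ASCII characters (letters, digits, punctuation; no space),
# the pool size quoted in the thread.
PRINTABLE_94 = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length: int, pool_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly and independently."""
    if length < 0 or pool_size < 2:
        raise ValueError("need length >= 0 and pool_size >= 2")
    return length * math.log2(pool_size)


def min_length(target_bits: float, pool_size: int) -> int:
    """Fewest uniformly random symbols that reach `target_bits`."""
    return math.ceil(target_bits / math.log2(pool_size))


def naive_bits(passphrase: str, bits_per_symbol: int = 8) -> int:
    """Fixed-rate estimate: the 8 bits per symbol the reply describes."""
    return len(passphrase) * bits_per_symbol


def generate(length: int, alphabet: str = PRINTABLE_94) -> str:
    """Passphrase from a CSPRNG; only then does entropy_bits() apply."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for n in (12, 30, 62):
        pw = generate(n)
        print(f"{n:2d} chars: {entropy_bits(n, 94):6.1f} bits random, "
              f"{naive_bits(pw):3d} bits by the fixed-rate estimate")
    print("chars needed for 128 bits:", min_length(128, 94))
    # Constructed sample: long but predictable, so its real entropy is
    # far below either figure; a per-character count cannot see that.
    weak = "a" * 30
    print("30 x 'a':", naive_bits(weak), "bits by the fixed-rate estimate")
```

Entropy here is a property of how the passphrase was generated, not of the resulting string, which is why a per-character count over a human-chosen passphrase overstates it.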


