about cartoon in FAQ 10.1. 'Correct, horse! Battery staple!'
Peter Lebbing
peter at digitalbrains.com
Thu Dec 24 17:50:47 CET 2015
Hello,
> Correct, horse! Battery staple!
My understanding is that these words in such a passphrase are chosen by
a random number generator in a computer. I use such a passphrase; I've
let my computer pick words out of a word list based on reading
/dev/random; or actually, I'm fairly sure I used GnuPG to generate the
randomness. I didn't let it generate four words; I let it generate a few
more until some combination of four words emerged that I could somehow
memorize. It is not a phrase, it is non-grammatical, it just has
something to it that makes it such that I can remember. The amount of
entropy each word contains is close to the amount of choice there is in
picking a word from the word list; i.e., base-2 log of the number of
words in the word list if you express it in bits.
> Und allein dieser Mangel und nichts anderes führte zum Tod.
This is grammatical. There is a subject (or two), a verb, an.. well
whatever those things are like "zum Tod", I don't often discuss grammar
in any other language than Dutch so I forgot the technical terms.
Furthermore, the phrase actually makes sense semantically. I don't know
if somebody ever said or wrote it; that would make it even worse, since
a passphrase cracker could try sentences from a corpus of likely texts
it has scoured from the internet.
It has grammar, it has semantics, it has a proper meaning. All these
things go at the expense of its entropy. Whereas a few words that only
make enough sense to be memorizable have loads of entropy, as the
cartoon expresses. "Memorizability" is not easily quantified when you
write a password cracker. It's almost a Turing test in a way. What you
want to avoid is that there is a a pattern that a password cracker can
look for. Replacing an i with a 1 (one) is a horribly little amount of
extra entropy that serves more to make it difficult for you than that
one little extra try that a password cracker has to do matters.
> i.e. some phrasing which could be memorized better?
I don't think I can ever make myself forget Correct horse, battery
staple! :)
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list