[ale] OT - making really strong pass phrases - was New encryption technology using a piece of paper

Geoffrey Myers lists at serioustechnology.com
Wed Sep 7 08:15:28 EDT 2011


Michael H. Warfield wrote:
> On Tue, 2011-09-06 at 16:44 -0400, Ron Frazier wrote: 

>> Permutations for words: 4096^6 = 2^72 = 4.722 x 10^21
>> Permutations for 5 digits / symbols between words: 43^5 = 147.008 x 10^6
> 
> Ah...  That's the whole point.  Yes you can go down this road and add
> complexity (and misery) to the process but you can accomplish the same
> task by adding words that are easy to read and process and much easier
> to support.
> 
> Do the math again for 8 words.  88 bits of entropy.
> 
> At one time, 64 bit encryption was considered industrial strength.  DES
> was 56 bits.  66 bits of entropy is 2^10 times stronger than single DES.
> Do we consider it to be cryptographically secure?  Hell no...
> 
> You want AES strength, you need 12 words.  132 bits of entropy.
> 
> You can always add numbers and symbols and upper and lower case as you
> feel.  The questions are...  "What does it buy you?"  "What does it cost
> you?"  "Is it necessary?"  "Is it sufficient?"

I should do the math, but I'm lazy, not incapable.  Just thought I'd 
throw out the solution I've used and recommend.  First off, I use 
passwords that are 15+ characters, and my approach is pretty easy to 
recall.  Take a sentence that means something to you, or a couple of 
sentences.  Take the first letter of each word, include punctuation and 
throw in some character substitutions.  Such as:

I have two brothers, four sisters, one daughter and we live all over the 
country.

Ih2b,4s,1dawlaotc.

Somehow, methinks Michael will rip this to shreds.. ;)

-- 
Until later, Geoffrey

"I predict future happiness for America if they can prevent
the government from wasting the labors of the people under
the pretense of taking care of them."
- Thomas Jefferson
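
The entropy arithmetic from the thread, as an added example that is not part of the original post or of anyone's message: it totals the bits for the quoted words-plus-symbols scheme, finds how many words alone reach the same strength, and generates a passphrase. Assumptions: every pick is uniform and independent, and the 2048-entry list of pseudo-words is constructed here (11 bits per word, the size the 66/88/132-bit figures correspond to).

```python
import math
import secrets


def scheme_bits(parts):
    """Entropy in bits of a secret built from independent, uniform random picks.

    parts is an iterable of (alphabet_size, number_of_picks) pairs.
    """
    return sum(picks * math.log2(size) for size, picks in parts)


def words_needed(list_size, target_bits):
    """Smallest number of uniformly random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def build_wordlist():
    """Constructed stand-in list: 16*4*8*4 = 2048 distinct pseudo-words."""
    c1, v, c2 = "bdfghjklmnprstvz", "aeio", "dklmnrst"
    return [a + b + c + d for a in c1 for b in v for c in c2 for d in v]


def generate(wordlist, n_words):
    """Pick words with the OS CSPRNG; the bit counts above assume exactly this."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    words = build_wordlist()
    # Figures quoted in the thread: 6 words from 4096, 5 symbols from 43.
    mixed = scheme_bits([(4096, 6), (43, 5)])
    print(f"6 words (4096 list) + 5 symbols (43): {mixed:.1f} bits")
    print(f"same strength from words alone: {words_needed(4096, mixed)} words")
    for n in (6, 8, 12):
        bits = scheme_bits([(len(words), n)])
        print(f"{n} words from a {len(words)}-word list: {bits:.0f} bits")
    print("sample:", generate(words, 8))
```

These figures apply only to randomly generated secrets; a passphrase or sentence chosen by a person cannot be scored this way.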

