[ale] OT - making really strong pass phrases - was New encryption technology using a piece of paper

Derek Atkins warlord at MIT.EDU
Wed Sep 7 13:01:32 EDT 2011


Ron Frazier <atllinuxenthinfo at c3energy.com> writes:

> characters becomes 26^4 = 456,976 rather than 2048.  In the case of 
> gibberish characters in every character slot, still lower case, the 
> number of permutations for 24 characters becomes 26^24 = 9.107 x 10^33.  
> So, what I was getting at was that if you have 24 characters of random 
> gibberish, the attacker will have to try up to approximately 1 x 10^14 
> times more random permutations (the difference between 10^19 and 10^33) 
> to hit on your password.

Ah, but the problem is that remembering 24 random characters is even
harder than remembering 8 pseudo-random characters!  If you want to have
random you might as well use a full-blown AES128 key.  However the point
here is to be easy for a human to remember, and humans can't memorize
random numbers.

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available


More information about the Ale mailing list