Re: Passphrase strength, is this right?

Author	All Replies
dantz join:2005-05-09 Honolulu, HI	reply to Jack Morgan Re: Passphrase strength, is this right? Sounds like you are considering a variation of the Diceware Passphrase approach. You should check out this page: »world.std.com/~reinhold/diceware.html
dantz join:2005-05-09 Honolulu, HI	to forum · permalink · · 2007-01-06 11:21:54 ·
Anon users	...... 1500 words means ~ 2^~10 bit of randomess, thus a 5 word from 'that dict' means ~ 2^53 bit of security Given 2^~72 bit of security (RSA200 challenge) CAN be broken within 5 MONTHS with a array of computers... a 2^55 bit of security CAN BE BROKEN within 1/2 MIN!!! BUT it is NOT THAT BAD compared to COMMON 8 chars of Upper/Lower Case + Numbers ONLY to log in to your WEBMAIL... it has 2^~45 bit of security only... Just imagine...
Anon users	to forum · permalink · 2007-01-08 04:59:52 ·
mysec Premium join:2005-11-29	reply to dantz said by dantz : »world.std.com/~reinhold/diceware.html I couldn't get this link to open. I'll try again later... -rich
mysec Premium join:2005-11-29	to forum · permalink · · 2007-01-08 07:29:25 ·
dantz join:2005-05-09 Honolulu, HI ·Hawaiian Telcom	said by mysec : said by dantz : »world.std.com/~reinhold/diceware.html I couldn't get this link to open. I'll try again later... -rich The link is still good. You can also type in »diceware.com and it will take you there. Diceware uses a 7,776 word dictionary. Ordinary dice are used as a random-number generator in order to select each word that will be included in the passphrase. In my opinion, it's a highly effective system as well as a very clever solution to the problem of users failing to select high-quality passwords/passphrases. I especially like the use of dice as a random-number generator, as opposed to the pseudo-random numbers that most computers provide. The advantage of using the Diceware method is that you can quickly and easily create strong passwords that can actually be remembered. However, this advantage quickly begins to fade if you need to remember more than one or two passwords, as human memory has its limits. (Maybe we need to add more RAM!) I use KeePass to generate and store all of my passwords, and these are applied using copy/paste operations so I don't have to remember them or type them in, nor could I. (%kjC7UqOIBb'=&dc/w0,i*3Pwa}43 can barely be typed correctly on the first try, let alone remembered). All I have to know is my master password and the location of the keyfile. I suppose Diceware would be a good way to generate my master password, but I'm already using another system for that.
dantz join:2005-05-09 Honolulu, HI ·Hawaiian Telcom	to forum · permalink · · 2007-01-08 17:13:45 ·


Wednesday, 02-Dec 00:14:11	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF