-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > Actually, the real concern in any such proposal is the entropy in the > original key. Schneier has asserted that an English phrase needs 60 (I > think) characters before it has enough entropy to be secure. Keys based > on filename syntax may be a little bit better, but not much.
1.6 bits per byte, so for a 128 bit key, so about 80 characters, or a full line. Using filenames is actually *worse* since we aren't using spaces and we have a lot of redundant data such as the 'audio/mpeg' or the like on the front. Plus we can use dictionary attacks. This is why I disagree with using the text key as any basis for the encryption. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4/9dgpXyM95IyRhURAkNcAJ9ODV8pTCHhqavssjOeFVNuY37/UgCfQBSD E1BNlltrVqp/ZVB8oxiaDhA= =OobP -----END PGP SIGNATURE----- _______________________________________________ Freenet-dev mailing list Freenet-dev at lists.sourceforge.net http://lists.sourceforge.net/mailman/listinfo/freenet-dev
