"Roscoe" <[EMAIL PROTECTED]> wrote:

> Let's say there are about 100000 words in your dictionary. Let's also
> say there are about 100 different characters on your keyboard.
>
> Now for a password of random characters we would need:
> log(340282366920938463463374607431768211456)/log(100) 20 chars.
>
> For a password of random words we would need:
> log(340282366920938463463374607431768211456)/log(100000) 8 words.
>
> So I'm going to have to disagree with your 5 words is better than 20
> letters[1]. Even if we use a 500000 word dictionary (eg: the number in
> the OED) then that's still 7 words.
>
> Now, that's with randomly picked words. If you want to have some
> coherence to your string of words then that's only going to increase
> the number of words needed.

If you want to use words, then I would suggest that you select them from different languages. Then the attacker will have to use a very large dictionary, one containing all words from all languages, if she or he doesn't know or can't guess from which languages you have selected your words. This kind of passphrase will still be relatively vulnerable to a brute force attack, since the attacker can limit the characters used in the attack to letters, so throwing in a few special characters between the words is a good idea.

Oskar
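
The arithmetic from the quoted message and the letters-only search mentioned in the reply, worked through as an added example (not code from either poster). The 26-letter alphabet, the average word lengths, the separator set and the sample word list are assumptions made for illustration.

```python
import math
import secrets

TARGET_BITS = 128  # 2**128 is the 39-digit number in the quoted message
SEPARATORS = "!#%&*+-=?@"  # assumed set of special characters
SAMPLE_WORDS = ["haus", "maison", "casa", "talo", "dom", "ev", "hus", "ie"]  # constructed

def units_needed(pool_size, target_bits=TARGET_BITS):
    """Smallest n with pool_size**n >= 2**target_bits, in exact integers."""
    n, space = 0, 1
    while space < 2 ** target_bits:
        space *= pool_size
        n += 1
    return n

def passphrase_bits(n_words, dict_size, n_seps=0, sep_pool=1):
    """Bits of entropy when each word and separator is a uniform random draw."""
    return n_words * math.log2(dict_size) + n_seps * math.log2(sep_pool)

def letter_bruteforce_bits(total_letters, alphabet=26):
    """Search cost if the attacker ignores the dictionary and tries letters only."""
    return total_letters * math.log2(alphabet)

def effective_bits(n_words, dict_size, avg_word_len):
    """The attacker uses whichever model is cheaper, so take the minimum."""
    return min(passphrase_bits(n_words, dict_size),
               letter_bruteforce_bits(n_words * avg_word_len))

def generate(wordlist, n_words, separators=SEPARATORS):
    """Return (passphrase, bits) using the OS CSPRNG for every choice."""
    parts = []
    for i in range(n_words):
        if i:
            parts.append(secrets.choice(separators))
        parts.append(secrets.choice(wordlist))
    bits = passphrase_bits(n_words, len(wordlist), n_words - 1, len(separators))
    return "".join(parts), bits

if __name__ == "__main__":
    for pool in (100, 100000, 500000):
        print(pool, "symbols ->", units_needed(pool), "units for 128 bits")
    print("8 short words (avg 3 letters):", round(effective_bits(8, 100000, 3), 1))
    print("8 longer words (avg 6 letters):", round(effective_bits(8, 100000, 6), 1))
    print(generate(SAMPLE_WORDS, 4))
```

With words averaging three letters, the letters-only search is the cheaper attack (about 112.8 bits against 132.9 for the dictionary model); a single separator from outside the letter set takes the passphrase out of that search space altogether.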
