-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At 20:58 2005-05-30, you wrote: >"Roscoe" <[EMAIL PROTECTED]> wrote: > >> Lets say there are about 100000 words in your dictionary. Lets also >> say there are about 100 different characters on your keyboard. >> >> Now for password of random characters we would need: >> log(340282366920938463463374607431768211456)/log(100) 20 chars. >> >> For a password of random words we would need: >> log(340282366920938463463374607431768211456)/log(100000) 8 words. >> >> So I'm going to have to disagree with your 5 words is better then 20 >> letters[1]. Even if we use a 500000 word dictionary (eg: the number in >> the OED) then thats still 7 words. >> >> Now, thats with randomly picked words. If you want to have some >> coherence to your string of words then thats only going to increase >> the number of words needed. > >If you want to use words, then I would suggest that you select them from >different languages. Then the attacker will have to use a very large >dictionary, one containing all words from all languages, if she or he >don't know or can't guess from witch languages you have selected your >words. This kind of passphrase will still be relatively vulnerable to a >brute force attack, since the attacker can limit the characters used in >the attack to letters, so throwing in a few special characters between the >words is a good idea. > >Oskar >
Thank you Oskar for this idea - it's new to me. Increasing the search space by using several languages is a very easy way to improve the security of a passphrase or a collection of random words. Some one who wants to do some calculations? What about say 1, 2, 3, 4 and 5 languages. How many random words are needed to match a 128 bit key? Per Tunedal -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959 Comment: Vad �r en PGP-signatur? www.clipanish.com/PGP/pgp.html iD8DBQFCnNOwpPsTvNtsBX8RAnBAAJ0dz2yUa69nJZPvinUqdJj2D1yzpwCeO2cX 8jhYR3PFYtGpkBcbDFwkX2w= =gn9N -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
