-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Robert J. Hansen wrote: > Morton D. Trace wrote: >> Dear list readers I just found this article. > > Be careful of anything you get off the internet. This article is not > especially good.
Mega Dittos! [I know this sounds like Rush Limbaugh 'listener-speak' but it is _all_ too TRUE!] >> Calculating the entropy of a password is here well explained, >> I don't know if it is mathematically correct, > > [shrugs] Yes. No. Understand what [shrugs] really means.....You are proposing a mathematical challenge to a List that is really more focused upon facilitating the 'concerned User'. Robert is a professional Mathematician and actually _loves_ Numbers. If You truly want mathematics then Email Robert direct. Stand By to Stand By: He will Reply and address You as a mathematical Equal. Fair Warning: HE's GOOD! He fills His refrigerator, however, the same way You & I do....He earns a paycheck from someone who likes the way He applies His brain. Ya gotta understand that whenever You ask a Question that deals with 'Random Chance' Robert is gonna seriously consider it as a valid Question form a knowledgeable/teachable Interrogator. You _will_ learn if You read/study the Answer from a Guy who buys gas and I'm sure occasionally says to the Cashier "gimme a Quick Pick on the Fantasy 5" knowing full well that the odds of winning are a gazillion to 1. > The reality is that very few people let a CSPRNG spit out a base-64 > password for them to remember (six bits of entropy per glyph). They're > hard to remember. Good passphrases are easy to remember but hard to > guess, which means they need to be rather large pieces of text. entropy? CPRNG? glyph? Please bear in mind that this is a 'public' List and if at all possible Post in 'laymen's terms' or risk confusing Every One else who reads this forum. All the terms/words are valid but without Full explanation You are attempting to benefit without 'sharing' with everyone else. [soapbox put away] > Per Shannon's estimates, there are roughly 1.5 bits per glyph of English > text. > >> one unicode character has approx three times the entropy as one ascii >> character. Agreed! Gotta A-S-K again; Who are You attempting to 'share with? >> I'd really like to see UTF-8 supported in GnuPG and be able to type some >> characters from my keyboard, > > UTF8 is supported. However, your OS may not support it. That's an > OS-level issue, not a GnuPG issue. My Mac supports UTF-8 just fine, > including exotics like "circled ideograph wood". What O/S are You using? MUA? >> and additionally select some cool unicode letters from a language only I >> know. > > If only you know it, then kiss randomness goodbye. Someone who wants to > attack your passphrase will focus their attack on symbols from languages > you know. The only defense is to pick randomly. "only I know"? Then it ain't a Language! Language presupposes that Others speak it among themselves. Either it is completely 'Random' or it is available for a Social Engineering attack. >> Can GnuPG accept UTF-8 Characters as passphrase input? > > Depends on your OS. Short Answer = YES > Yes, but this is a case of buying a few hundred yards of rope just to > make _sure_ you have enough with which to hang yourself. I would say that a Man who jumps off of an 80 Story building thinks He is 'flying' for 79 stories. It is always the 'sudden stop' that is painful & permanent! No 'HTH' here simply because I don't care. I do believe that everyone is entitled to a 'Bad Attitude' day. :-\ JOHN ;) Timestamp: Tuesday 21 Oct 2008, 23:58 --400 (Eastern Daylight Time) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10-svn4845: (MingW32) Comment: Public Key at: http://tinyurl.com/8cpho Comment: Gossamer Spider Web of Trust: https://www.gswot.org Comment: Homepage: http://tinyurl.com/yzhbhx iQEcBAEBCgAGBQJI/qTpAAoJEBCGy9eAtCsPCfUH/Aqk7xLt+YBZpiXwUFwd1jk+ UGKHBDsGttgg5LOKuob89wt/aoerrMlz3gOrjLpMiQ2oeLxtlnOQtxfTnU5YOkHd Z3N5Yfuqdidv0WNds3iLWi5cj0rpo03eV7uTukAM8JiFO3QDKKV5P6STqxuyOw2j 2OPSUuuaKEx10Yv15UjQccl/DiLIRUDLpjp7kCDw16IRYOPr5Mjs4bP7UWSn1AuF dmQC/Mi/FA0y0kYPbLeZoHXcCinvGRdif2HLTtnlLBz/8pzico3C6crJRKFROsTo tXcUpAvsqHWz1OdFLYBT0df8wX6WYcbaqa8UGv2Jr3VnCvgTB/6GEyH+qfbVkog= =0p/t -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
