Regarding passphrases, the problem with using a short story is that your own bias tends to weaken it. For instance, many people think of a popular phrase, e.g. "one does not simply walk into mordor". Some journalists might use a phrase from their own work. So the solution is Diceware. You get entropy from rolling a die to get groups of 5 numbers (64-bit). You then match these numbers to a publicly available list. The words are then easy to remember if you think of a story, and anything over 6 words is thought to be unbreakable by brute-forcing all combinations of characters. It is easy to remember passphrases with 8 letters, and within reason to remember passphrases with 20, 30 or 40 words if you can think of it in terms of a series of stories. I recommend 6 words for user and root passwords, and at least 8, preferably 10 for encryption.
http://world.std.com/~reinhold/diceware.htm
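A worked version of the Diceware procedure described in the post above, added here as an example and not part of the original message: it substitutes Python's `secrets` module for a physical die (a substitution for offline runnability, not what the post recommends), uses a constructed handful of list entries keyed by their five-digit dice code in place of the real 7776-word list, and computes how many bits each word contributes so the post's 6/8/10-word recommendations can be compared.

```python
import math
import secrets

DICE_SIDES = 6
ROLLS_PER_WORD = 5
WORDS_IN_LIST = DICE_SIDES ** ROLLS_PER_WORD  # 6^5 = 7776 entries in a real list

# Constructed sample: a real Diceware list maps every code from "11111" to
# "66666" to a word. Only a few entries are given here so the lookup can run
# offline; codes absent from this sample get a labelled placeholder word.
SAMPLE_WORDS = {
    "11111": "a", "12345": "apathy", "23456": "cliff", "34561": "drift",
    "45612": "hiking", "56123": "rotor", "61234": "tumble", "66666": "@",
}


def roll_word_code(rng=secrets.randbelow):
    """Roll a six-sided die five times and join the faces into a code like '41352'.

    rng(n) must return a uniform integer in [0, n); secrets.randbelow does,
    and a fixed function can be passed in to make the result reproducible.
    """
    return "".join(str(rng(DICE_SIDES) + 1) for _ in range(ROLLS_PER_WORD))


def lookup(code, words=SAMPLE_WORDS):
    """Map a five-digit dice code to its word, rejecting malformed codes."""
    if len(code) != ROLLS_PER_WORD or any(c not in "123456" for c in code):
        raise ValueError(f"not a valid dice code: {code!r}")
    return words.get(code, f"word{code}")  # placeholder only for the sample list


def entropy_bits(n_words, list_size=WORDS_IN_LIST):
    """Each uniformly rolled word adds log2(list_size) bits (about 12.9 for 7776).

    6 words -> ~77.5 bits, 8 -> ~103.4 bits, 10 -> ~129.2 bits.
    """
    return n_words * math.log2(list_size)


def passphrase(n_words, rng=secrets.randbelow, words=SAMPLE_WORDS):
    """Roll n_words codes and return (space-joined passphrase, list of codes)."""
    codes = [roll_word_code(rng) for _ in range(n_words)]
    return " ".join(lookup(c, words) for c in codes), codes


if __name__ == "__main__":
    phrase, codes = passphrase(6)
    print(f"{phrase}  # codes={codes}, ~{entropy_bits(6):.1f} bits")
```

The word strength comes entirely from the uniform roll, not from the words themselves, which is why the post's "pick a phrase you already know" approach loses entropy while this procedure does not.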