[6986] in cryptography@c2.net mail archive
Re: Automatic passphrase generation
daemon@ATHENA.MIT.EDU (Rick Smith)
Tue May 2 16:09:40 2000
Message-Id: <3.0.3.32.20000502101414.00ac7100@mailhost.sctc.com>
Date: Tue, 02 May 2000 10:14:14 -0500
To: Steve Reid <sreid@sea-to-sky.net>, coderpunks@toad.com
From: Rick Smith <rick_smith@securecomputing.com>
Cc: cryptography@c2.net
In-Reply-To: <20000430170511.A666@grok.localnet>

At 05:05 PM 04/30/2000 -0700, Steve Reid wrote:
>Below is some sample output. The amount of entropy per passphrase should
>be more than 89 bits, or almost the same as seven Diceware words.
>However, if you generate N passphrases and pick the one that is easiest
>to remember then you should subtract log2(N) bits from your entropy
>estimate (assume an adversary knows how to try passphrases in order of
>easiest-to-remember to hardest-to-remember).

Is it really necessary to protect against an attack that orders the phrases
according to how easy they are to remember? Clearly, a practical brute
force attack against the passphrases must be automated. But I don't know of
an algorithm for assessing the "memorability" of a passphrase. If there
were, I assume you'd use it to reject less appealing phrases, right?

Rick.
smith@securecomputing.com
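
Added example, not part of either poster's message: an exact calculation of the log2(N) adjustment discussed above, under the assumed model that a total memorability ordering exists, the user draws N candidates uniformly and keeps the easiest, and the adversary guesses in that same order. It uses a 16-bit toy space (an assumption so the distribution can be enumerated) and all function names are hypothetical.

```python
import math

def chosen_rank_distribution(space_size, n_candidates):
    """P(kept passphrase has memorability rank r), rank 0 = easiest.

    Assumed model: n_candidates are drawn uniformly with replacement and
    the user keeps the minimum-rank one.
    """
    s, n = space_size, n_candidates
    # P(min >= r) = ((s - r) / s) ** n, so P(min == r) is the difference.
    return [((s - r) / s) ** n - ((s - r - 1) / s) ** n for r in range(s)]

def entropy_report(space_bits, n_candidates):
    """Min-entropy, Shannon entropy and mean guesses for the kept phrase."""
    probs = chosen_rank_distribution(2 ** space_bits, n_candidates)
    return {
        # Min-entropy: set by the single most likely outcome (rank 0).
        "min_entropy": -math.log2(max(probs)),
        "shannon": -sum(p * math.log2(p) for p in probs if p > 0),
        # Adversary tries rank 0 first, so rank r costs r + 1 guesses.
        "mean_guesses": sum((r + 1) * p for r, p in enumerate(probs)),
    }

def bits_lost(space_bits, n_candidates):
    """Bits lost versus keeping the first candidate generated (N = 1)."""
    base = entropy_report(space_bits, 1)
    picked = entropy_report(space_bits, n_candidates)
    return {
        "min_entropy": base["min_entropy"] - picked["min_entropy"],
        "shannon": base["shannon"] - picked["shannon"],
        "mean_work": math.log2(base["mean_guesses"] / picked["mean_guesses"]),
    }

if __name__ == "__main__":
    for n in (2, 8, 32):
        lost = bits_lost(16, n)
        print(f"N={n:2d} log2(N)={math.log2(n):.2f} "
              f"min-entropy lost={lost['min_entropy']:.2f} "
              f"Shannon lost={lost['shannon']:.2f} "
              f"mean-work lost={lost['mean_work']:.2f}")
```

Under this model the min-entropy loss matches log2(N), while the Shannon entropy and the adversary's average work fall by less, so subtracting log2(N) is the conservative figure.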