[8266] in cryptography@c2.net mail archive
Re: migration paradigm (was: Is PGP broken?)
daemon@ATHENA.MIT.EDU (Albert P. Belle Isle)
Mon Dec 11 18:52:41 2000
Message-Id: <3.0.5.32.20001211123037.0099c590@pop.ma.ultranet.com>
Date: Mon, 11 Dec 2000 12:30:37 -0500
To: "Arnold G. Reinhold" <reinhold@world.std.com>
From: "Albert P. Belle Isle" <belleisl@CerberusSystems.com>
Cc: <cryptography@c2.net>
In-Reply-To: <v04210100b65963246921@[24.218.56.92]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 12:12 PM 12/10/2000 -0500, you wrote:
>
-------------------------------- snip ---------------------------------------
>
>Finally, I'd like to see software that employs passphrases offer to
>suggest a passphrase, rather than let the poor user sort through all
>the conflicting -- and often bad -- advice that is out there. After
>all, any public key system has to have a good source of true
>randomness. And if you don't trust that software, you shouldn't be
>giving it you passphrase under any circumstances.
>
>Arnold Reinhold
>
>
Arnold:
Document Security Manager has offered a 14 bits-per-word, known-entropy
nonsense-phrase generator in the Professional version's "change passphrase"
function for quite some time. See
http://www.CerberusSystems.com/INFOSEC/products/docusec.htm
It simply uses its ANSI X9.17c keystream generator to generate addresses
for an included 16K-word dictionary, similar to your Diceware concept. It's
hardly rocket science, and users seem to find it helpful in an unburdensome
way.
Albert P. BELLE ISLE
Cerberus Systems, Inc.
================================================
ENCRYPTION SOFTWARE with
Forensic Software Countermeasures
http://www.CerberusSystems.com
================================================
