From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 16 Nov 1995 06:50:48 +0800
To: cypherpunks@toad.com
Subject: Re: Repeated Words/characters in Password/Phrase
Message-ID: <199511152225.OAA07177@ix5.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


>Do repeated words in a PGP passphrase make the pass phrase less secure than
>a passphrase without any repeated words?  And on the same note, do repeated
>letters in a UNIX password make that password easier to break? I can't seem
>to find anything in my books on cryptography that mention this.  Thanks.

As always, it depends on the attacks people can make on your system.
For Unix password files, the cyphertext is often available, the plaintext is
known,
and the key (your password) is known to be eight or fewer characters.  
If there's reasonable suspicion that your password contains multiples of one 
or more characters, and that they're mostly letters, you're toast against a 
good brute-force attack, because the search space is fairly small.
Using, say, a pair of 4-letter words is an even worse idea...

For PGP passphrases, the cyphertext is generally unavailable, but assuming
you're dealing with Bad Guys resourceful enough to try to crack your passphrase,
they've probably got the file.  The plaintext may be partially known (PGP data
files have some structure; RTFM to find out how much) and partially unknown 
(your secret key) but guesses can be validated (slowly).  The structure of the 
IDEA key is that your passphrase is hashed by MD5, and the 128-bit output
used as an IDEA key to encrypt the formatted secret key.  Since brute-forcing
IDEA with the 128-bit MD5 output is unrealistic, the alternative is to feed
candidate keys through the whole process.  So how much entropy does your
passphrase have,
and how many guesses are they willing to attempt?  How much does word-repeating
affect it?  How much entropy depends on your taste in passphrases, your
creativity,
and how much you're willing/able to memorize without resorting to writing it
down.

The MD5 effectively limits entropy to 128 bits, but you can cram as much as
you want
into the passphrase and MD5 will crunch it all down, so repeated words can only
cause problems if they make you decide you've got enough entropy in the
passphrase
before you do.  If your passphrase is "FOO BAR", and you're known to be a
programmer,
lengthening it to "FOO FOO BAR BAR BAR Skidoo" may improve it some, though
it's not
as good as "Eric Woodruff Kintetsu Espada 1145 Lutheran", to pick six words
drawn
randomly from the Tri-Valley phone book.  But if you eliminate obvious material,
and word-doubling lets you pick a more complex passphrase than you might
have otherwise
used, go ahead - it's not going to make the MD5 any more attackable.
#--
#				Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281