From: "E. Allen Smith" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Sat, 22 Feb 1997 00:22:00 -0800 (PST)
To: stewarts@ix.netcom.com
Subject: Re: IDEA/Strength?
Message-ID: <01IFP9X27J408Y52G0@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"stewarts@ix.netcom.com"  "Bill Stewart" 22-FEB-1997 03:05:51.28

>At 04:21 PM 2/21/97 -0500, Alec wrote:
>>Is the strength, or lack thereof, of conventional PGP encryption
>>proportional to the length of the conventional password?

>Sure, up to 128 bits of entropy.  Go check out pgpcrack.  

	Another way to put it is that the length places a _maximum_
on the entropy; no more than 7 bits (unless PGP's interface can
deal with control/etcetera keys) minus a fractional bit (for
characters like delete) per character. Of course, simply expanding
a passphrase of "a" to "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" won't do you much good... but
most non-pathological passphrases will expand in entropy as they
expand in length. (There is the consideration, however, that a
lengthy passphrase may need to be in alphabetical characters,
as opposed to alphanumeric, due to human memory limitations. If
you didn't/don't have that, then even a completely random
over-19-character long passphrase (enough to be more than 128
effective bits going in) could be of assistance; greater length
makes it more likely that someone observing you will miss
enough of the passphrase to make a search impractical.)
	-Allen