1996-07-21 - Re: Length of passphrase beneficial?

Header Data

From: Erle Greer <vagab0nd@sd.cybernex.net>
To: cypherpunks@toad.com
Message Hash: 5823b0a05b06fb942b3fbd385a61d2617a0607f06b839b71b10919bb0e47510d
Message ID: <2.2.32.19960721190841.0069e654@mail.sd.cybernex.net>
Reply To: N/A
UTC Datetime: 1996-07-21 21:32:26 UTC
Raw Date: Mon, 22 Jul 1996 05:32:26 +0800

Raw message

From: Erle Greer <vagab0nd@sd.cybernex.net>
Date: Mon, 22 Jul 1996 05:32:26 +0800
To: cypherpunks@toad.com
Subject: Re: Length of passphrase beneficial?
Message-ID: <2.2.32.19960721190841.0069e654@mail.sd.cybernex.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:51 PM 7/21/96 -0400, you wrote:
>
>Erle Greer writes:
>> I have a 2048-bit PgP key and pseudorandom a/n character
>> generator, from which I chose a large passphrase similar to:
>> 
>> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
>> (Yes, cut-n-paste, but my only in-house threat is my wife.)
>> 
>> Actual Question:
>> Does the length and randomness of a passphrase contribute at all
>> to the overall security of a cryptosystem?
>
>The passphrase only does one thing for you, which is protect your
>keyring in case someone gets it. Since you keep the passphrase on
>line, you are actually less secure than if you used a memorable
>phrase.
>
>BTW, since the passphrase is used to hash into an IDEA key, more than
>128 bits of input entropy would be wasted.
>
>Perry
>
Good point.  Another bad thing about keeping the passphrase on-line is
that I would have to trasport the passphrase on floppy if I required
portability.  Depending on how important my information may be, I
could possible be carrying my whole life on a floppy.  I see now that
it is better to just memorize a phrase.

Thanks!
vagab0nd@sd.cybernex.net
http://ww2.sd.cybernex.net/~vagab0nd/index.html
Visit web page for public key.






Thread