From: “Perry E. Metzger” <perry@piermont.com>
To: Erle Greer <vagab0nd@sd.cybernex.net>
Message Hash: e83e40b9199bd412d38bff2e1640d4adc86cf8f2d859adcdab88e838200997b5
Message ID: <199607211851.OAA10237@jekyll.piermont.com>
Reply To: <2.2.32.19960721172615.006e6a64@mail.sd.cybernex.net>
UTC Datetime: 1996-07-21 21:16:18 UTC
Raw Date: Mon, 22 Jul 1996 05:16:18 +0800
Subject: Re: Length of passphrase beneficial?
Erle Greer writes:
> I have a 2048-bit PGP key and pseudorandom a/n character
> generator, from which I chose a large passphrase similar to:
>
> f4VnI1G1mGcwTZ1vGoyPwN4NLojF8Ee9ff1aicOGn87x0nwwHhJUo6XSYKEawRne
> (Yes, cut-n-paste, but my only in-house threat is my wife.)
>
> Actual Question:
> Does the length and randomness of a passphrase contribute at all
> to the overall security of a cryptosystem?

The passphrase only does one thing for you, which is protect your
keyring in case someone gets it. Since you keep the passphrase on
line, you are actually less secure than if you used a memorable
phrase.

BTW, since the passphrase is used to hash into an IDEA key, more than
128 bits of input entropy would be wasted.

Perry
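
Added example, not part of the original message: a small calculation of the 128-bit ceiling described in the reply, showing how much of a uniformly random passphrase's entropy survives hashing into an IDEA key. Assumptions: the passphrase symbols are drawn uniformly from a 62-symbol alphanumeric alphabet, and MD5 is the passphrase hash (as in PGP 2.x); the function names and the sample passphrase are constructed for illustration.

```python
import hashlib
import math

KEY_BITS = 128  # IDEA key size, per the reply above


def passphrase_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose symbols are chosen uniformly and independently."""
    return length * math.log2(alphabet_size)


def effective_bits(length: int, alphabet_size: int, key_bits: int = KEY_BITS) -> float:
    """Attack cost is bounded by the weaker of: guessing the passphrase, guessing the key."""
    return min(passphrase_entropy_bits(length, alphabet_size), key_bits)


def min_length_for_key(alphabet_size: int, key_bits: int = KEY_BITS) -> int:
    """Shortest uniformly random passphrase that already saturates the key."""
    return math.ceil(key_bits / math.log2(alphabet_size))


def derive_key(passphrase: str) -> bytes:
    """Assumed derivation: MD5 of the passphrase. Output is 16 bytes for any input length."""
    return hashlib.md5(passphrase.encode("utf-8")).digest()


def report(alphabet_size: int, lengths):
    """Rows of (length, input entropy, effective bits, bits wasted above the key size)."""
    rows = []
    for n in lengths:
        h = passphrase_entropy_bits(n, alphabet_size)
        e = effective_bits(n, alphabet_size)
        rows.append((n, round(h, 1), round(e, 1), round(h - e, 1)))
    return rows


if __name__ == "__main__":
    ALNUM = 62  # a-z, A-Z, 0-9 (assumed alphabet for the "a/n" generator)
    print("saturating length:", min_length_for_key(ALNUM))
    for row in report(ALNUM, [8, 16, 22, 64]):
        print("len=%d entropy=%.1f effective=%.1f wasted=%.1f" % row)
    # Constructed sample passphrase, not the one quoted in the thread.
    sample = "constructed-sample-passphrase" * 4
    print("derived key bits:", len(derive_key(sample)) * 8)
```

Under these assumptions a 64-character passphrase carries about 381 bits going in, but the derived key is still 128 bits, which 22 random alphanumeric characters already reach.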