From: jamesd@echeque.com
Date: Fri, 18 Apr 1997 23:43:18 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: FCPUNX:Passphrase entropy
Message-ID: <199704190641.XAA16744@proxy3.ba.best.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:04 PM 4/18/97 -0700, Steve Schear wrote:
> If this is true then how much passphrase entropy is enough to thwart, 
> for example, an NSA crack attempt?  Seems to me it needs to be equal 
> to or greater than the encryption key. What are some good, practical 
> ways of achieving this?

Long keys or random keys.

Suppose you need 80 bits of entropy.

If your passphrase is truly random, for example
        9kDt3fagWxglr
You have about six bits a character, so you only need 
thirteen characters.

If, however, your pass phrase is an intelligible english 
sentence, for example
        Wandering past Saint Ives, I saw many fine buildings covered in ivy
across the road.
You only have about one bit per character, so you need an 
eighty character sentence.

If your passphrase is a short intelligible english phrase, 
as most of them are, it will succumb to a dictionary attack.
 ---------------------------------------------------------------------
              				|  
We have the right to defend ourselves	|   http://www.jim.com/jamesd/
and our property, because of the kind	|  
of animals that we are. True law	|   James A. Donald
derives from this right, not from the	|  
arbitrary power of the state.		|   jamesd@echeque.com