[arch-general] How long do you make the passphrase for the private key?

mpan archml-y1vf3axu at mpan.pl
Tue Jun 25 09:53:11 UTC 2019


> "IMO an averaged "strong" but still memorizable passphrase, even when
> following obsolete rules, is ok."
  But we do not need to follow any obsolete rules anymore.

> In a follow-up email unfortunately sent after your reply, I exactly
> describe the apartment door scenario.
  Which I have indirectly answered before you sent it, with the
second paragraph of my message. The comparison to the apartment door
can’t be extended further, because an important difference appears.
Better physical security costs a lot more and even now we’re sitting at
the edge of the diminishing returns abyss. That’s exactly the reason why
Yale decided to stop the lock wars in the 19th century and promoted pin
tumbler locks as good enough. But the analogy to the lock doesn’t extend
well when it comes to information security. The costs have a different
nature and, as it happens, right now everyone can employ good security at
approximately the same cost as the “not too horrible” solutions.

  You are trying to argue that it is OK to use pin tumbler locks in
wooden doors, while everyone can — at nearly the same price — acquire
10-inch steel gates with scifi eye scanners and a private army to defend
the gate.⁽ᵗⁱⁿʸ ᵉˣᵃᵍᵍᵉʳᵃᵗⁱᵒⁿ⁾ ;)

  With Diceware, as an example, you randomly choose 5 words and have a
60-bit password. Why even bother with obsolete rules?
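As an added illustration (not part of the original post), the arithmetic behind the Diceware figure and a generator that picks words uniformly with a CSPRNG: each word drawn from the standard 7776-entry (6^5) list contributes log2(7776) ≈ 12.9 bits, so 5 words give about 64.6 bits, while exactly 60 bits corresponds to a 4096-entry list. The short word list below is a constructed stand-in for a real Diceware list.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words, one per five-die roll "11111".."66666"

# Constructed stand-in for a real word list; a real Diceware list has 7776
# entries. Only here so the generator runs offline in this example.
SAMPLE_WORDLIST = ["apple", "basket", "copper", "delta", "ember", "forge",
                   "gravel", "harbor", "island", "jigsaw", "kettle", "lantern"]


def entropy_bits(n_words: int, list_size: int) -> float:
    """Entropy of n_words chosen uniformly and independently from list_size."""
    return n_words * math.log2(list_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def dice_roll_to_index(roll: str) -> int:
    """Map a five-die roll such as '31426' to a 0-based index into the list."""
    if len(roll) != 5 or any(c not in "123456" for c in roll):
        raise ValueError("expected five digits in the range 1-6")
    index = 0
    for c in roll:
        index = index * 6 + (int(c) - 1)  # treat the roll as a base-6 number
    return index


def generate_passphrase(wordlist, n_words: int) -> str:
    """Pick n_words uniformly with the OS CSPRNG (never the random module)."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    print(f"5 words from {DICEWARE_LIST_SIZE}: "
          f"{entropy_bits(5, DICEWARE_LIST_SIZE):.1f} bits")
    print(f"5 words from 4096: {entropy_bits(5, 4096):.1f} bits")
    print(f"words for 128 bits from 7776: {words_needed(128, DICEWARE_LIST_SIZE)}")
    print(generate_passphrase(SAMPLE_WORDLIST, 5))
```
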
