[arch-general] How long do you make the passphrase for the private key?

Ralf Mardorf silver.bullet at zoho.com
Tue Jun 25 10:11:23 UTC 2019


On Tue, 2019-06-25 at 11:29 +0200, Bennett Piater wrote:
> On 2019-06-25 11:09, Ralf Mardorf via arch-general wrote:
> > On Tue, 25 Jun 2019 09:35:53 +0100, Ralph Corderoy wrote:
> > > Are you familiar with https://xkcd.com/936/ ?
> > 
> > Too funny, that is the method I described and while I was writing my
> > email, you posted that cartoon. However, even this suffers from the
> > pitfall that it is not that easy to use this mnemonic as described by
> > the cartoon.
> 
> I use diceware passphrases for my master passwords (login, hardware 
> encryption, GPG, password manager) and they are much easier to remember 
> than normal (safe) passwords.

Randomly opening a dictionary and then randomly pointing at a word,
repeating this a few times, is one way for an artist to get
inspiration.

I wonder how safe it is to use such a method to generate a passphrase.

To remember words, they must be from languages the user is able to
understand and to write, and the amount of vocabulary must be within
the range of the educational background.

Six words are just six words out of an assessable vocabulary.

"This level of unpredictability assumes that a potential attacker knows
that Diceware has been used to generate the passphrase, knows the
particular word list used, and knows exactly how many words make up the
passphrase." - https://en.wikipedia.org/wiki/Diceware

Google already "guesses" that women are pregnant, before the women have
got the slightest idea that they are pregnant.

To guess that somebody does use Diceware or something similar is not
hard to do. You already mentioned this on this mailing list. Probably
you are not doing it by exactly the method mentioned by the Wiki, but
likely by a similar method. Humans tend to follow patterns, a savant
syndrome computer expert probably more than an average user ;).

13 rAnd0.m_C?arS are probably less secure than 13 random words, because
even an illiterate human knows more words than we have got keys on a
keyboard. This is indeed speaking in favour of Diceware :).
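The entropy comparison the thread is arguing about, as an added example that is not part of the original mail: it maps five physical dice rolls to a Diceware word index (6^5 = 7776 entries), draws words with the `secrets` CSPRNG, and computes the search space an attacker faces under exactly the assumption the Wikipedia quote makes (method, word list and word count all known). The 95-symbol keyboard alphabet and the placeholder word list are assumptions, not values from the post.

```python
import math
import secrets

DICE_PER_WORD = 5
DICEWARE_LIST_SIZE = 6 ** DICE_PER_WORD        # 7776 words in a standard list
KEYBOARD_SYMBOLS = 95                          # assumption: printable ASCII


def dice_to_index(rolls):
    """Map five dice rolls (each 1..6) to a 0-based index into the word list,
    i.e. read the rolls as a base-6 number (11111 -> 0, 66666 -> 7775)."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five dice rolls in 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def roll_dice():
    """Simulate five fair dice with a CSPRNG (never `random`, which is seeded
    from predictable state)."""
    return [secrets.randbelow(6) + 1 for _ in range(DICE_PER_WORD)]


def generate_passphrase(wordlist, n_words):
    """Pick n_words uniformly from a 7776-entry word list via dice rolls."""
    if len(wordlist) != DICEWARE_LIST_SIZE:
        raise ValueError("Diceware word list must have exactly 7776 entries")
    return " ".join(wordlist[dice_to_index(roll_dice())] for _ in range(n_words))


def entropy_bits(alphabet_size, length):
    """Bits of entropy for `length` independent uniform picks from
    `alphabet_size` symbols. This is the attacker's search space under
    Kerckhoffs' assumption: secrecy of the *method* adds nothing."""
    return length * math.log2(alphabet_size)


def compare(n_items):
    """Entropy of n random keyboard symbols vs. n random Diceware words."""
    return {
        "chars": entropy_bits(KEYBOARD_SYMBOLS, n_items),
        "words": entropy_bits(DICEWARE_LIST_SIZE, n_items),
    }


if __name__ == "__main__":
    # Constructed placeholder list; a real one holds 7776 short dictionary words.
    demo_list = [f"word{i:04d}" for i in range(DICEWARE_LIST_SIZE)]
    print(generate_passphrase(demo_list, 6))
    print(compare(6), compare(13))
```

Six Diceware words give about 77.5 bits; 13 keyboard symbols give about 85.4 bits, while 13 words give about 168 bits, which is the comparison the mail draws.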

