[arch-general] How long do you make the passphrase for the private key?

Ralf Mardorf silver.bullet at zoho.com
Tue Jun 25 10:54:44 UTC 2019


On Tue, 2019-06-25 at 12:41 +0200, Bennett Piater wrote:
> 
> On 2019-06-25 12:11, Ralf Mardorf via arch-general wrote:
> > Six words are just six words out of an assessable vocabulary.
> > 
> > "This level of unpredictability assumes that a potential attacker knows
> > that Diceware has been used to generate the passphrase, knows the
> > particular word list used, and knows exactly how many words make up the
> > passphrase." - https://en.wikipedia.org/wiki/Diceware
> > 
> 
> You seem to be misunderstanding that statement.

I'm not, from the same email you are quoting incomplete:

"13 rAnd0.m_C?arS are probably less secure, than 13 random words,
because even an illiterate human knows more words, than we have got keys
on a keyboard. This is indeed speaking pro Diceware :)."

So I agree, that Diceware seems to be the best method without using
special hardware.

The comment of my follow-up email, is just a joke:

"OTOH if I should talk in my sleep, it would be easier for my fraudulant
girlfriend Mata Hari to catch words, than the (not enough, to modern
security standards) random chars I'm using at the moment."


More information about the arch-general mailing list