[4167] in cryptography@c2.net mail archive
RE: PGP compromised on Windows 9x?
daemon@ATHENA.MIT.EDU (David R. Conrad)
Mon Feb 8 16:07:01 1999
Date: Mon, 8 Feb 1999 14:11:08 -0500 (EST)
From: "David R. Conrad" <drc@adni.net>
To: trgarner@yta.attmil.ne.jp
Cc: cryptography@c2.net
In-Reply-To: <000001be535a$18f00de0$67c1e0ca@default>
On Mon, 8 Feb 1999, Tom Garner wrote:
> I say that it is TIME for programmers to QUIT giving us ... the
> opportunity to choose a passphrase that can be easily guessed....
> Isn't it possible w/out degrading any further on PGP's side the ability to
> have someone enter a passphrase and its either scrambled, or rejected for
> having "English words" in it?
Why would you reject it because it has "English words" in it? It's quite
ironic that you said this in response to a message from Arnold Reinhold in
which he mentioned his Diceware package[1]. Anyone using it correctly
ends up with a passphrase that has plenty of entropy but is composed of
words so that it's easy to remember. (My own passphrase was chosen in
this way (plus I added a few punctuation characters, changed some spelling
a bit, and interpolated a few small 'helper' words -- making it even
easier to remember, and adding a few more bits of entropy) and it has, at
a conservative estimate, over 180 bits of entropy (14 words chosen from
the diceware wordlist).)
Your other suggestion, for PGP to scrable the passphrase, simply won't
work. It's impossible to transform the passphrase and increase the
entropy in it.
But what you imply, that PGP (and other programs that request passwords
and passphrases from the user) should be more picky in what it accepts, is
an excellent idea. Of course, it's impossible to force the user to choose
a good passphrase, but requiring no fewer than, say, 12 characters that
look 'random' (upper, lower, digits, and punctuation), or no fewer than 30
characters that look 'regular' (English text) would not be a bad idea.
I saw elsewhere that PGP 6 estimates the entropy of a passphrase as the
user types it. Anyone know what criteria they use?
[1]:
> >| ... the Diceware page http://world.std.com/~reinhold/diceware.html
> >| ...
> >| Arnold Reinhold
David R. Conrad <drc@adni.net> PGP keys (0x1993E1AE and 0xA0B83D31):
DSS Fingerprint20 = 9942 E27C 3966 9FB8 5058 73A4 83CE 62EF 1993 E1AE
RSA Fingerprint16 = 1D F2 F3 90 DA CA 35 5D 91 E4 09 45 95 C8 20 F1
Note: Due to frequent spam abuse, I accept no email from *.da.uu.net.
