[4186] in cryptography@c2.net mail archive


Re: Strengthening the Passphrase Model

daemon@ATHENA.MIT.EDU (David R. Conrad)
Wed Feb 10 16:24:56 1999

Date: Wed, 10 Feb 1999 16:17:48 -0500 (EST)
From: "David R. Conrad" <drc@adni.net>
To: cryptography@c2.net
In-Reply-To: <v03130302b2e5f5da6f4e@[24.128.119.92]>

On Tue, 9 Feb 1999, Arnold G. Reinhold wrote:

> 1.  PGP should suggest a passphrase to the user when a new key pair is
> generated. PGP already has a trusted source of randomness. Why not offer a
> passphrase? There could be a choice of formats -- Diceware words, random
> syllables, random letters -- and strengths (5 Diceware words provide 64 bits
> of entropy, 6 words 77 bits, 7 words 90 bits). The user could, of course,
> choose to enter his own passphrase.

I think the best thing would be to display about 10 - 20 random diceware
words and let the user construct a phrase out of them that (s)he finds
reasonably easy to recall.

For instance: dwarf nutmeg ale delta cb tans riot saint polka

"nutty meg and the saint caused a dwarf polka riot"

This has at least 64 bits of entropy, and probably a lot more (but the
rest is hard to measure).  Or even, "... the saint of ale ...."

"nutty meg and the saint of ale caused a dwarf polka riot" -- I'm almost
sorry I wasted that one by posting it here.  :-)

Combine this with the suggestion of a "training mode" and perhaps the idea
of writing down only part of the phrase, and it should be easy for most
users to remember much better passphrases.

(BTW, the author of one message erred when he said that the training mode,
if it continued for several days, would have to keep the passphrase in
long term storage during that period.  The way to do it is: the user
enters the passphrase twice, and then is urged to practice typing it until
they feel comfortable with it.  After that, they can practice it but are
simply told that it's wrong if they get it wrong (as currently happens
without any long term storage).  If they manage to forget it within the
first few days, they simply generate a new key and start over.  If they
succeed in memorizing it, only then do they upload their public key to the
keyservers.)

I'm beginning to wonder if I'm actually human, since I had no trouble
learning my 14-diceware-word, 180+ bit (and probably a lot more; see
above) passphrase, and just in the last few days learned a second, 11 word
phrase, for a second, less important key.  I can't help but think these
people just aren't trying very hard.

> 2. PGP should burn computer time hashing the passphrase. While you cannot
> increase the entropy of a passphrase with an algorithm, you can make
> exhaustive search far more difficult.

Be careful; CRC's are based on division by polynomials, and if you
actually did them that way they would be slow, yet as we all know there
are far faster routes to the same destination.

The suggestion of using an iterated hash, instead of a function designed
to maximize the resource usage, may be hardware-speed-uppable and
embarrassingly parallelizable, but it's much less likely that someone
could find an equivalent, simpler calculation.

> 3. PGP should be available on a bootable CD-ROM for the major platforms.

As others have pointed out, no one would reboot to use PGP.  'Nuff said.

David R. Conrad <drc@adni.net>  PGP keys (0x1993E1AE and 0xA0B83D31):
DSS  Fingerprint20 = 9942 E27C 3966 9FB8 5058  73A4 83CE 62EF 1993 E1AE
RSA  Fingerprint16 = 1D F2 F3 90 DA CA 35 5D  91 E4 09 45 95 C8 20 F1
Note: Due to frequent spam abuse, I accept no email from *.da.uu.net.
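
The following is an added example, not part of the original message or of PGP: a Python sketch of the two mechanisms discussed above, offering randomly chosen Diceware-style candidate words and stretching the passphrase with an iterated hash. The function names and the placeholder word list are assumptions made for illustration, and the entropy figures hold only for words drawn uniformly and independently from a 7776-word list.

```python
import hashlib
import math
import secrets

WORDLIST_SIZE = 6 ** 5  # Diceware: five dice rolls select one of 7776 words


def entropy_bits(n_words: int, list_size: int = WORDLIST_SIZE) -> float:
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def rolls_to_index(rolls) -> int:
    """Map five dice rolls (each 1-6) to a word-list index in 0..7775."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each 1-6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def suggest_words(wordlist, count: int):
    """Pick `count` candidate words using the OS CSPRNG (uniform, unbiased)."""
    if len(wordlist) != WORDLIST_SIZE:
        raise ValueError("word list must have 7776 entries")
    return [wordlist[secrets.randbelow(WORDLIST_SIZE)] for _ in range(count)]


def stretch(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Iterated salted SHA-256: each guess costs the attacker `iterations` hashes."""
    digest = hashlib.sha256(salt + passphrase.encode("utf-8")).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest).digest()
    return digest


def search_cost_bits(n_words: int, iterations: int) -> float:
    """log2 of the hash evaluations needed to exhaust the passphrase space."""
    return entropy_bits(n_words) + math.log2(iterations)


# Constructed stand-in list ("w00000".."w07775"); substitute a real 7776-word list.
PLACEHOLDER_LIST = [f"w{i:05d}" for i in range(WORDLIST_SIZE)]

if __name__ == "__main__":
    print(suggest_words(PLACEHOLDER_LIST, 15))
    for n in (5, 6, 7, 14):
        print(n, "words:", round(entropy_bits(n), 1), "bits of entropy,",
              round(search_cost_bits(n, 2 ** 16), 1), "bits of work at 65536 iterations")
```

The entropy function does not model a user selecting and rearranging words from the displayed candidates. The stretching adds log2(iterations) bits of work per guess without changing the entropy of the passphrase itself.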


