Re: Safe password?


sci.crypt archive

From: David Taylor <davidt-news@yadt.co.uk>
Date: Sun Dec 25 2005 - 20:53:24 CET

JP LR <fake.address@voila.fr> wrote on Sun, 25 Dec 2005 20:31:11 +0100:
> "Luc The Perverse" <sll_noSpamlicious_z_XXX_m@cc.usu.edu> wrote in
> message news:43aec400$0$7748$3a2ecee9@news.csolutions.net...
>>
>> If 96 characters are permitted and you choose them randomly then the
>> number of bits of entropy from your password can be calculated with
>> this simple formula.
>>
>> (ln (96^16)) / ln 2 or about 105 bits.
>>
> I disagree, because you can use dictionaries to attack your password.
> 2000 words is enough to read a newspaper.
> As words are 5 characters long on the average, there are 3 or 4 words in
> 16 characters.
> So the formula is more or less 2000^5, which is slightly more than 50 bits.
> A far worse result than 105 bits.
>
> Indeed if you use rare words, you will probably need a 20,000 word
> dictionary which will give a key of 70 bits.
>
> To protect against dictionary attacks, do not use spaces or take only the
> first letter of every word of a passphrase.

Or, as stated in the message you're replying to -- pick the characters
in the password *randomly*.

-- 
David Taylor 
Received on Tue Jan 3 03:41:17 2006
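
The figures quoted in this thread, worked through as an added example (not code from any poster): the same log2(choices^picks) formula applied to random characters and to randomly picked dictionary words, plus a generator that actually picks characters at random. The function names and the 95-symbol printable-ASCII alphabet are assumptions; the thread says 96 symbols without listing them.

```python
import math
import secrets
import string

# Assumption: 95 printable ASCII characters (letters, digits, punctuation, space).
# The thread's count of 96 is passed to uniform_bits() as a plain number instead.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "


def uniform_bits(choices: int, picks: int) -> float:
    """Entropy in bits of `picks` independent, uniform draws from `choices` options.

    Equals log2(choices ** picks), i.e. the thread's (ln (96^16)) / ln 2.
    It only holds when every draw really is uniform and independent.
    """
    if choices < 2 or picks < 1:
        raise ValueError("need at least 2 choices and 1 pick")
    return picks * math.log2(choices)


def picks_for_bits(target_bits: float, choices: int) -> int:
    """Smallest number of uniform draws that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(choices))


def random_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """Draw each character independently from the OS CSPRNG.

    secrets.choice is uniform over the alphabet; the `random` module
    (Mersenne Twister) is predictable and is not suitable here.
    """
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("duplicate symbols would skew the distribution")
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print(f"16 random chars from 96 symbols : {uniform_bits(96, 16):6.1f} bits")
    print(f"5 picks from a 2,000-word list  : {uniform_bits(2000, 5):6.1f} bits")
    print(f"5 picks from a 20,000-word list : {uniform_bits(20000, 5):6.1f} bits")
    print(f"2,000-list words to reach 105 b : {picks_for_bits(105, 2000)}")
    pw = random_password()
    print(f"sample: {pw!r} ({uniform_bits(len(ALPHABET), len(pw)):.1f} bits)")
```
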