At 05:05 PM 04/30/2000 -0700, Steve Reid wrote:

>Below is some sample output. The amount of entropy per passphrase should
>be more than 89 bits, or almost the same as seven Diceware words.
>However, if you generate N passphrases and pick the one that is easiest
>to remember then you should subtract log2(N) bits from your entropy
>estimate (assume an adversary knows how to try passphrases in order of
>easiest-to-remember to hardest-to-remember).

Is it really necessary to protect against an attack that orders the phrases
according to how easy they are to remember? Clearly, a practical brute
force attack against the passphrases must be automated. But I don't know of
an algorithm for assessing the "memorability" of a passphrase. If there
were, I assume you'd use it to reject less appealing phrases, right?

Rick.
[EMAIL PROTECTED]
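
Added example (not part of either author's message): a small simulation of the log2(N) adjustment in the quoted text, under its assumption that an adversary can try passphrases easiest-first. The memorability rank, the 20-bit space and the guess budget are constructed for illustration; no real memorability algorithm is implied.

```python
import math
import random

SPACE_BITS = 20          # constructed toy space (the quoted figure is >89 bits)
SPACE = 2 ** SPACE_BITS
BUDGET = SPACE // 64     # attacker tries only the easiest 1/64 of the space


def chosen_rank(n_candidates, rng):
    """Memorability rank (1 = easiest) of the passphrase the user keeps.

    Assumption: every passphrase has a unique rank known to the attacker, and
    the user generates n uniform candidates and keeps the easiest one."""
    return min(rng.randrange(1, SPACE + 1) for _ in range(n_candidates))


def hit_rate(n_candidates, trials, rng):
    """Fraction of trials in which an easiest-first attacker with BUDGET
    guesses reaches the kept passphrase."""
    hits = sum(chosen_rank(n_candidates, rng) <= BUDGET for _ in range(trials))
    return hits / trials


def bits_lost(n_candidates, trials=50000, seed=2000):
    """Simulated entropy loss: log2 of how much picking the best of n
    raises the attacker's success rate over a single random passphrase."""
    rng = random.Random(seed)
    baseline = hit_rate(1, trials, rng)
    best_of_n = hit_rate(n_candidates, trials, rng)
    return math.log2(best_of_n / baseline)


def bits_lost_exact(n_candidates):
    """Closed form for the same quantity: log2((1 - (1 - f)^n) / f), where
    f = BUDGET / SPACE. It approaches log2(n) from below as f shrinks."""
    f = BUDGET / SPACE
    return math.log2((1 - (1 - f) ** n_candidates) / f)


if __name__ == "__main__":
    for n in (2, 4, 8, 16):
        print(f"N={n:2d}  simulated={bits_lost(n):.2f}  "
              f"exact={bits_lost_exact(n):.2f}  log2(N)={math.log2(n):.2f}")
```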
