Bill Royds wrote: > > On 5-May-08, at 03:55 , Wolf Canis wrote: > >> There are infinite possibilities. That's the trick. Not the length of a >> password is >> decisive but the quality. The quality of your password decides how much >> effort is necessary to hack it. > > Unfortunately that is not true. Since most systems use a single byte > for each character in a passphrase There are only 2^(8*n) bits in an n > character passphrase. > So there are only 64 bits in an 8 character password, which can be > cracked quite quickly using rainbow tables for any password. That's right, but I think there is a misunderstanding. The quote on which you refers, refers not to the bit depiction but to the possibilities to create _and_ remember passwords and if one wants a 50 character long password - with the method, which I as example described, it's possible. If you can good remember fairy tales, for example, than I would suggest that you use this ability. What I try to say is, that every user have to develop his/her own individual method. > > The real problem is allowing multiple attempts to crack the passphrase > and this only occurs if your secret keyring is available to the cracker. > > Basically, any password you can remember is easy to crack, so don't > let the keyring ever be in a position for someone to try. That's absolutely true and I assumed that the secret keyring is _not_ available to the cracker. If a cracker has the opportunity to conduct multiple, perhaps unlimited, attempts - than nothing is secure.
Hopefully I could clarify this. W. Canis
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
