Eric Rescorla wrote:

> That said, it's not clear how these results apply to passwords.
> The entropy of short chunks of text is lower. 

No. The entropy of short chunks of text, without syntax, is
higher.  Grammatical text is more redundant.  Frequency vocabulary
is different from dictionary vocabulary, too -- words people use
in speech are shorter.

Passphrases such as those used in S/Key

BE SIR WITH EASY RUBY RUBY
GAIL FOND FEE YANG FACE SLOG
COT KEN WIRE DARE STAY EYED
CHOU MOOD LOW ORR MAGI BILK
BEEF OWN KERR ROSY UTAH VEAL
LAIN ICON NECK HAST JEFF GRAY
BEE HAUL TUNA TERM WELT BOO
SOME PUT PEA SEEN GO TWIN
FADE GUST TIN SOME FLAG OFF
GLIB BOAR CASK SILL SIN ARTS

etc.

consist of six words chosen from a dictionary of 2048. 2048^6 = 2^66.
It gets better, of course, if you use them as one-time passwords.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to