Eric Rescorla wrote: > That said, it's not clear how these results apply to passwords. > The entropy of short chunks of text is lower.
No. The entropy of short chunks of text, without syntax, is higher. Grammatical text is more redundant. Frequency vocabulary is different from dictionary vocabulary, too -- words people use in speech are shorter. Passphrases such as those used in S/Key BE SIR WITH EASY RUBY RUBY GAIL FOND FEE YANG FACE SLOG COT KEN WIRE DARE STAY EYED CHOU MOOD LOW ORR MAGI BILK BEEF OWN KERR ROSY UTAH VEAL LAIN ICON NECK HAST JEFF GRAY BEE HAUL TUNA TERM WELT BOO SOME PUT PEA SEEN GO TWIN FADE GUST TIN SOME FLAG OFF GLIB BOAR CASK SILL SIN ARTS etc. consist of six words chosen from a dictionary of 2048. 2048^6 = 2^66. It gets better, of course, if you use them as one-time passwords. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]