David Schwartz wrote:
transport anyway (ever met a human who can remember a 128 bit secret key
without keeping notes?).
Actually, human beings can trivially remember secrets with the equivalent of
128 bits or more. For example:
Approximate Bits:   Phrase:
140                 y doth h3 4sake Me?
110                 ! oppose the deth penalty
96                  1 like big BUTZ
90                  Fr33dom N0w!
Yes, I stand corrected. That's what I get for exaggerating when trying
to make a point.
You are absolutely correct; the point I wanted to drive home is that one should
(a) consider using pass phrases (like each of your examples, nice ones
by the way) instead of passwords/pin codes to improve the security quality
(b) consider the security impact of each element (including homo sapiens
him/herself) in the chain instead of concentrating on one part only.
It's all about the weakest link.
I hope I didn't screw up the rest of my arguments in that message too.
Ger
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org