[Cryptography] Passwords are dying - get over it
Bill Frantz
frantz at pwpconsult.com
Tue Dec 24 18:27:30 EST 2013
On 12/24/13 at 1:36 PM, agr at me.com (Arnold Reinhold) wrote:
>You get 120-bits with 7 Diceware words and 30 bits of
>stretching, close enough to full 128-bit strength, and three
>words fewer than are needed without any key stretching, e.g.:
>
>hamlin jig cub naiad frey allyn pig
>
>Those three fewer words can make the difference between a
>passphrase that an ordinary person can remember and an burden
>most will shun. The vital role key stretching plays can be
>thought of as impedance matching crypto security systems to
>human memory capabilities.
This is a password that I will have to be entering every day or
write down. (I'm an old man and my memory isn't as good as it
used to be.) There are three words, hamlin, naiad, and allyn
that I, as a native English speaker can't define. (The spell
checker fails hamlin and allyn.) I'd have to learn to spell at
least two of them.
The need for entropy in passwords has already passed my
diminished abilities. If you're looking for universal adoption,
there's a problem.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | Airline peanut bag: "Produced | Periwinkle
(408)356-8506 | in a facility that processes | 16345
Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos,
CA 95032
More information about the cryptography
mailing list