[Cryptography] Very best practice for RSA key generation

Tom Mitchell mitch at niftyegg.com
Thu Nov 7 11:56:34 EST 2019

On Wed, Nov 6, 2019 at 8:34 PM <jamesd at echeque.com> wrote:

> On 2019-11-06 03:58, Jon Callas wrote:
> > We have no idea what the best thing to do there would be. The intuition
> that less typing is more reliable is questionable -- assuming you agree
> with my assertion that four words is *easier* than fifteen hex digits. It
> might be that words from a larger list (and thus more unusual) might be
> more memorable than more commonly used words. Or it might not. We don't
> know. That's a lot of what James and I were talking about.


> One obvious solution is to have the permitted word list, a

How much does a permitted word list shrink the key space?
How large is the data set that would be the permitted word set?
What user interaction would be involved if a word was not in the
permitted word list?

The most likely phrases?:
#1)  The quick brown fox jumped over the lazy dog
#2)  Double double toil and trouble fire burn and caldron bubble.

I fear that what looks like a modern stronger key system will
be system dependant and invite trust ... yes we already have internet
that keep passwords in clear text. We also have companies that prune the
characters to the first eight and ignore the next 500.

CaMel case?

BTW: I like the basic idea.

$ wc /etc/dictionaries-common/words
102401 102401 972398 /etc/dictionaries-common/words

          T o m    M i t c h e l l ( o n   N i f t y E g g )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20191107/68a9975d/attachment.htm>

More information about the cryptography mailing list