[Cryptography] Very best practice for RSA key generation

Arnold Reinhold agr at me.com
Fri Nov 8 04:54:44 EST 2019 

On Mon, 4 Nov 2019 22:26, Christian Huitema replied:

> On 11/4/2019 5:58 PM, Jon Callas wrote:
>> It's certainly possible to take that basic format and further make it easier. As an obvious example, you typed "Correct Horse Battery Staple" and it's obvious that "correct horse battery staple" is also valid. There's no reason why we can't accept reasonable typos or alternates such as "verum equus altilium stapulae" or "correct cheval batterie agrafe" or even "?? ? ?? ??" as each of those is just a different encoding of four fifteen bit integers.
> 
> Pushing your luck, are you? Matching a list of 32K words in different
> languages is going to be fraught with synonyms, homonyms and the like.
> Just to take your example, "batterie" in French is a rechargeable
> battery, while the Duracell battery is "une pile" -- which is also a
> pile. And then, I am not sure that there are 32K commonly used words in
> French, which might introduce interesting issues.
> 

Diceware has been around since 1995, long before xkcd 936, and there are currently word lists in 28 languages* linked from diceware.com. The lists are each 7776 words long, 6^5, for easy random selection using ordinary dice. That works out to 12.9 bit of entropy per word. There is a point of diminishing returns on word list size. A 32K world list (15 bits/word) will have longer words on average and the entropy per entered character is likely lower. I also argue that passwords with random capitalization should be judged on entropy per keystroke, counting the shift key presses as separate keystrokes, not entropy per character. If you evaluate that way, adding a few random characters to a single case password turns out to be better than fully random capitalization, and almost certainly easier to remember and type. 

I have not seen any formal usability studies, but we all have lots of passwords we use. Try changing to a random word passphrase on one account and a random character password of equal strength on another and see which one you find works better. If it were up to me, account creation/change programs would offer randomly generated passwords of equal strength in a few different formats, and let the users pick whichever they prefer.

Arnold Reinhold

* Basque, Bulgarian, Catalan, Chinese, Czech, Danish, Dutch, English, Esperanto, Estonian, Finnish, French, German, Hungarian, Italian, Japanese, Latin, Maori, Norwegian, Polish, Portuguese, Romanian, Russian, Slovak, Slovenian, Spanish, Swedish and Turkish

More information about the cryptography mailing list