Re: Announce loop-AES-v1.3b file crypto package
> > I saw that in the readme: "Password string has a minimum length of 20
> > characters."
> > Aren't 10 byte passwords enough? I don't like having to learn 20 byte
> > passwords =(
>
> No, 10 byte passwords are NOT enough. Given that they are
> printable ASCII characters and subject to a variety of other entropy
> reducing issues, a password "byte" is probably only worth about 6
> bits of entropy, maybe (probably) less. That gives you only about
> 60 bits of strength against brute force. Not enough...
>
> Rule of thumb... (although all "rules of thumb" are bad since
> they lead to guessable patterns.) Pass WORD is bad. Pass PHRASE is
> better. Make it several words with number substitutions and odd
> punctuation. Make at LEAST one word misspelled, especially if the
> misspelling is one of the numbers. (Example: Wizard -> W122@rd!).
> The sillier (or obnoxious, or obscene) the better (easier to remember,
> harder to guess). Basic mnemonics. You won't forget and
> 1t_wi11-b3=@.B1111t)H! t0 gu3ss..! (it will be a bitch to guess) :-)

Well, I'm usually using passwords like "4wj8s06bj2" or "7e1t91436g", not any
English or whatever words!!
So if I would have to learn a 20 byte password in that format it would be
like "v1872cqad730lbsq53i8" or "0v7g25y0mp49n26yrntb" and learning that isn't
easy, is it? ;)

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
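
The bits-per-character arithmetic discussed in this thread, worked through as an added example (not code from either poster or from loop-AES). The function names are hypothetical, and the figures are upper bounds that assume every character is chosen independently and uniformly at random from the inferred alphabet:

```python
import math
import string

# Character classes used to infer the alphabet a password was drawn from.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password: str) -> int:
    """Size of the union of the character classes the password touches."""
    if any(not any(ch in c for c in CLASSES) for ch in password):
        raise ValueError("character outside the printable ASCII classes")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def uniform_bits(password: str) -> float:
    """Upper bound on strength: length * log2(alphabet size).

    Only reached when the characters are uniformly random; a password
    derived from a word (e.g. with digit substitutions) is worth less.
    """
    return len(password) * math.log2(alphabet_size(password))


def min_length(alphabet: int, target_bits: float) -> int:
    """Shortest uniformly random password reaching target_bits."""
    return math.ceil(target_bits / math.log2(alphabet))


def report():
    # Passwords quoted in the thread above.
    samples = ["4wj8s06bj2", "v1872cqad730lbsq53i8", "W122@rd!"]
    return [(pw, alphabet_size(pw), round(uniform_bits(pw), 1))
            for pw in samples]


if __name__ == "__main__":
    for pw, size, bits in report():
        print(f"{pw!r:24} alphabet={size:3d}  <= {bits} bits")
    # Lowercase+digit alphabet (36 symbols) versus a 128-bit target.
    print("chars needed for 128 bits:", min_length(36, 128))
```

A lowercase-and-digit password carries at most about 5.17 bits per character, so the 10-character samples stay below the 60-bit estimate given in the quoted reply.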