Perhaps this is off topic, but recently I was involved in a
discussion on methods to generate strong passwords starting from an
easy-to-remember word or sentence; there I proposed to use a private key to
encrypt easy-to-remember words. Is this a valid or applicable method?
[Ex Nihil, Nihil. If you start with only the universe of easy words,
the maximum entropy of your passphrase is limited. Pull, stretch,
squish and mangle it any way you like -- you cannot increase the
entropy of something by a deterministic algorithm. You can at best
obscure it well.... --Perry]
Sergio Tabanelli
-----Original Message-----
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date: Tuesday, 9 May 2000 21.46
Subject: Re: Automatic passphrase generation
>-----BEGIN PGP SIGNED MESSAGE-----
>
>Steve Reid <[EMAIL PROTECTED]> wrote:
>>
>> This is not nearly as good as I had hoped. Does anyone have any
>> suggestions for producing output that is more correct English? I'm
>> wondering if maybe the lexicon I'm using isn't so good. Or maybe my
>> knowledge of sentence structure hmm, with Yoda on par it is.
>
>I tend to favor long passphrases with full meaning taken from real
>works:
> "d God said, Let there be light: and there was light. And God
> saw the light, that it was good: and God divided the light
> from the darkness. And God called the light Day, a"
>
>Obviously, if you know it comes from a book you don't need to randomly
>try for the key. But still, and if you don't take actual sentences,
>you get a nice number of options (e.g. starting at any word and using
>the next 20-40 ones you'd get ~[size-range] * [number-of-words-in-book
>- min-size-of-passphrase]). Using partial words would increase options
>proportionately. That's still too little.
>
>But, make it be a bigger number of books and you get a bigger number of
>options.
>
>Use a thesaurus to substitute words by synonyms and increase it (just
>think how many alternate versions of Murphy's law there are around).
>
> "...
> peered the light, that it was fine: & Deity parted the flame
> ..."
>
>Making use of alternate (mis)spellings you may further increase
>uncertainty.
>
> "...
> peered the lit; that 'twas fin -- & deity parted the phlame
> ..."
>
>Making its length have greater variability does so even more. Mixing
>various languages (if feasible) helps a bit more...
>
> "...
> vu la lumier; that 'twas fin -- & deity parted the phlame
> ..."
>
>Yet, for automatic generation you are bounded by electronic books,
>which are still relatively few. But there's the Internet with a
>source of electronic text in the form of web pages, e-mail, USENET
>news messages; and there are translation tools, and so on...
>
>Oh, and don't forget acrostics: take the first (or second or...)
>letter/word from a poem and off you go.
>
>So it would run something like
>
> pos = random number between 0 and collection-size
> go to pos in literary-collection
> size = random number between min-len and max-len
> phrase = fetch size characters/words starting at pos
> for every word in phrase
>     randomly select synonym in thesaurus
>         with probability p = f(x)
>     randomly select equivalent in language Y
>         with p = f(y)
>     randomly select alternate (mis)spelling in
>         degenerate thesaurus with p = f(z)
> for every symbol/character in phrase
>     randomly select alternate equivalent with p = f(v)
> & so on...
>
>Obviously too, after several transformations you may as well end up
>with a nonsensical sentence. Note that repeating the steps more than
>once will result in sensible meaning drifts (adding to the fun and the
>entropy).
>
>I may be wrong, but my impression is that increasing entropy may not
>be so difficult with long enough (>150 char) fragments.
>
>It may also help producing the passphrase and showing the user the
>process used to develop it so s/he may learn to do it by him/herself.
>
>Just my 2c worth.
>
> j
>
>
>
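The generation procedure sketched in the quoted message, restricted to its start, length and synonym steps, as an added example that is not part of the original thread. It adds up the bits contributed by each random choice, which is the limit the moderator's note describes. The corpus, thesaurus and function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample inputs (not from the thread): a tiny "literary
# collection" and a toy thesaurus. A real run would load whole books.
CORPUS = ("and god said let there be light and there was light and god saw "
          "the light that it was good and god divided the light from the "
          "darkness and god called the light day").split()
THESAURUS = {"light": ["light", "flame", "glow", "lumiere"],
             "god": ["god", "deity"], "good": ["good", "fine"],
             "saw": ["saw", "peered"], "divided": ["divided", "parted"]}


def generate(corpus, thesaurus, min_len=8, max_len=12,
             randbelow=secrets.randbelow):
    """Return (passphrase, bits).

    bits sums log2(number of equally likely outcomes) over every random
    choice made. Different choices can yield the same phrase, so it is an
    upper bound on the work left to an attacker who knows the corpus, the
    thesaurus and the algorithm.
    """
    n_sizes = max_len - min_len + 1          # random fragment length
    size = min_len + randbelow(n_sizes)
    n_starts = len(corpus) - size + 1        # random start that still fits
    pos = randbelow(n_starts)
    bits = math.log2(n_sizes) + math.log2(n_starts)
    words = []
    for word in corpus[pos:pos + size]:
        options = thesaurus.get(word, [word])
        words.append(options[randbelow(len(options))])
        bits += math.log2(len(options))      # a word with no synonym adds 0
    return " ".join(words), bits


if __name__ == "__main__":
    phrase, bits = generate(CORPUS, THESAURUS)
    print(f"{phrase!r}: {len(phrase)} chars, at most {bits:.1f} bits")
```

However long the resulting phrase is, with this sample data it carries under 25 bits, because only the random choices count and not the number of characters.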