On 01/15/2015 02:37 AM, Ben Laurie wrote:
> If you calculate the entropy of quotations, it's pretty apparent that
> they're really not very safe (sorry, I did this years ago,
> back-of-envelope figures lost in mists of time).

According to the classic Shannon experiment, a typical English sentence relatively quickly amortizes to 1.1 bits of entropy per letter. Here's a fun little applet someone made so you can try yourself (humans tend to get ~1.6 per letter):

http://www.math.ucsd.edu/~crypto/java/ENTROPY/

I can't imagine there are many languages that would be significantly different, and selections from quotations would obviously have even less than that.

> You need, IMO, to make up a phrase of your very own.

"Making up" a strong passphrase is generally not something I'd consider a good idea. There are plenty of experiments showing people are terrible at consciously generating entropy. IMO, methods that emphasize measurable entropy are better than trying to have a ton of entropy with no estimate. Which is why I always preach diceware to people -- I'd be willing to bet even a 4 word diceware passphrase (51.6 bits of entropy) is more secure than most of the "clever" tricks people use in their passphrases (insert XKCD reference here).
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
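The entropy comparison discussed in the message above, as an added example that is not part of the original post: it computes the Diceware figure as words × log2(7776), applies the quoted 1.1 bits per letter to English prose, and shows why a phrase picked from a known quotation collection is bounded by the size of that collection. The sample sentence and the 1,000,000-entry corpus size are constructed assumptions, and the function names are hypothetical.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5      # 7776 entries: one word per five-dice roll
SHANNON_BITS_PER_LETTER = 1.1    # per-letter figure quoted in the message above


def diceware_bits(words: int) -> float:
    """Entropy of `words` independent, uniform picks from a Diceware list."""
    return words * math.log2(DICEWARE_LIST_SIZE)


def english_bits(text: str, per_letter: float = SHANNON_BITS_PER_LETTER) -> float:
    """Estimate for free-form English prose: letter count times bits per letter."""
    return sum(ch.isalpha() for ch in text) * per_letter


def letters_needed(target_bits: float, per_letter: float = SHANNON_BITS_PER_LETTER) -> int:
    """Letters of English prose needed to reach `target_bits` at that rate."""
    return math.ceil(target_bits / per_letter)


def corpus_bits(corpus_size: int) -> float:
    """Entropy of one uniform pick from a list the attacker can also enumerate,
    e.g. a quotation collection; the phrase length no longer matters."""
    return math.log2(corpus_size)


def roll_keys(words: int) -> list[str]:
    """Five CSPRNG dice rolls per word (e.g. '16655'), to be looked up in a
    Diceware word list. secrets.randbelow is uniform, so no modulo bias."""
    return ["".join(str(secrets.randbelow(6) + 1) for _ in range(5))
            for _ in range(words)]


if __name__ == "__main__":
    quote = "to be or not to be that is the question"   # constructed sample
    target = diceware_bits(4)
    print(f"4 Diceware words:         {target:.1f} bits")
    print(f"sample as free prose:     {english_bits(quote):.1f} bits")
    print(f"letters to match 4 words: {letters_needed(target)}")
    # Assumed corpus size, for illustration only.
    print(f"pick from 1,000,000 known quotations: {corpus_bits(1_000_000):.1f} bits")
    print("dice keys:", " ".join(roll_keys(4)))
```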
