==Example methods==
One method to create a strong passphrase is to use [[dice]] to select words at random from a long list, a technique often referred to as [[diceware]]. While such a collection of words might appear to violate the "not from any dictionary" rule, the security is based entirely on the large number of possible ways to choose from the list of words and not from any secrecy about the words themselves. For example, if there are 7776 words in the list and six words are chosen randomly, then there are ''7,776<sup>6</sup> = 221,073,919,720,733,357,899,776'' combinations, providing about 78 bits of [[entropy (information theory)|entropy]]. (The number ''7776'' was chosen to allow words to be selected by throwing five dice: ''7776 = 6<sup>5</sup>''.) Random word sequences may then be memorized using techniques such as the [[memory palace]].

Another method is to choose two phrases, turn one into an [[acronym]], and include it in the second, making the final passphrase. For instance, using two English-language typing exercises: ''The quick brown fox jumps over the lazy dog'' becomes ''tqbfjotld''. Including it in ''Now is the time for all good men to come to the aid of their country'' might produce ''Now is the time for all good tqbfjotld to come to the aid of their country'' as the passphrase.

There are several points to note here, all relating to why this example passphrase is not a good one.
* It has appeared in public and so should be avoided by everyone.
* It is long (which is a considerable virtue in theory) and requires a good typist, as typing errors are much more likely for extended phrases.
* Individuals and organizations serious about cracking computer security have compiled lists of passwords derived in this manner from the most common quotations, song lyrics, and so on.

The [[Pretty Good Privacy|PGP]] Passphrase FAQ<ref name="passphrasefaq">{{cite web |date=1997-01-13 |author=Randall T. Williams |title=The Passphrase FAQ |url=http://www.iusmentis.com/security/passphrasefaq/ |access-date=2006-12-11}}</ref> suggests a procedure that attempts a better balance between theoretical security and practicality than this example.

All procedures for picking a passphrase involve a tradeoff between security and ease of use; security should be at least "adequate" while not "too seriously" annoying users. Both criteria should be evaluated to match particular situations.

Another supplementary approach to frustrating brute-force attacks is to derive the key from the passphrase using a [[key derivation function|deliberately slow hash function]], such as [[PBKDF2]] as described in RFC 2898.
{{main|Key stretching}}
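
The diceware selection and the PBKDF2 key stretching described above, as an added Python example that is not part of the original article. The word list is a constructed placeholder standing in for a published 7776-word list, and the function names, 16-byte salt and iteration count are assumptions.

```python
import hashlib
import itertools
import math
import secrets

# Constructed stand-in for a real 7776-entry diceware list: every five-dice
# roll "11111".."66666" maps to a placeholder word. Load a published list here.
WORDLIST = {"".join(r): "word" + "".join(r)
            for r in itertools.product("123456", repeat=5)}


def roll_word(wordlist=WORDLIST):
    """Pick one word by simulating five fair dice with a CSPRNG."""
    roll = "".join(str(secrets.randbelow(6) + 1) for _ in range(5))
    return wordlist[roll]


def diceware(n_words=6, wordlist=WORDLIST):
    """Return n_words independently chosen words joined by spaces."""
    return " ".join(roll_word(wordlist) for _ in range(n_words))


def entropy_bits(n_words, list_size=len(WORDLIST)):
    """Entropy of a uniformly random choice: n_words * log2(list_size)."""
    return n_words * math.log2(list_size)


def stretch(passphrase, salt, iterations=600_000, length=32):
    """Derive a key with PBKDF2-HMAC-SHA256 (iteration count is an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, length)


def brute_force_bits(n_words, iterations):
    """Each guess costs `iterations` HMAC calls, adding log2(iterations) bits of work."""
    return entropy_bits(n_words) + math.log2(iterations)


if __name__ == "__main__":
    phrase = diceware()
    salt = secrets.token_bytes(16)  # random per passphrase, stored with the key
    key = stretch(phrase, salt)
    print(phrase)
    print(f"{entropy_bits(6):.1f} bits from word choice")
    print(f"{brute_force_bits(6, 600_000):.1f} bits of attacker work after stretching")
    print(key.hex())
```

The entropy figure only holds when every word is chosen uniformly at random; re-rolling until the phrase "looks nice" reduces it.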