[Discuss] deadmanish login?
Bill Bogstad
bogstad at pobox.com
Thu Feb 2 16:46:20 EST 2017
On Thu, Feb 2, 2017 at 4:38 PM, Richard Pieri <richard.pieri at gmail.com> wrote:
> On 2/2/2017 2:51 PM, Kent Borg wrote:
>> Does have 40-bits of entropy, that is.
>
> Not really:
> https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
Yes really. IF the word selection is based on a random
process. Schneier is correct that if a human selects (either you personally or
by quoting from another source then you lose entropy. If you are just writing
down a 40 bit random number by encoding it into words, there is no problem
(modulo offline vs. online attacks).
Bill Bogstad
More information about the Discuss
mailing list