j2tracey at gmail.com
Fri Jan 16 17:45:16 PST 2015
On 01/15/2015 02:37 AM, Ben Laurie wrote:
> If you calculate the entropy of quotations, it's pretty apparent that
> they're really not very safe (sorry, I did this years ago,
> back-of-envelope figures lost in mists of time).
According to the classic Shannon experiment, a typical English sentence
relatively quickly amortizes to 1.1 bits of entropy per letter. Here's a
fun little applet someone made so you can try yourself (humans tend to
get ~1.6 per letter):
I can't imagine there are many languages that would be significantly
different, and selections from quotations would obviously have even less
> You need, IMO, to make up a phrase of your very own.
"Making up" a strong passphrase is generally not something I'd consider
a good idea. There are plenty of experiments showing people are terrible
at consciously generating entropy. IMO, methods that emphasize
measurable entropy are better than trying to have a ton of entropy with
no estimate. Which is why I always preach diceware to people -- I'd be
willing to bet even a 4 word diceware passphrase (51.6 bits of entropy)
is more secure than most of the "clever" tricks people use in their
passphrases (insert XKCD reference here).
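
An added example, not part of the original message: a diceware-style generator in Python that draws each word from five CSPRNG "dice", reports the measurable entropy, and computes how many letters of English text would be needed to match it at the per-letter rates quoted above. The placeholder word list and all function names are assumptions made for illustration; a real 7776-entry diceware list would be substituted, and the per-letter comparison is an upper bound, since it treats the text as unknown to the guesser.

```python
import math
import secrets

DICE_PER_WORD = 5                  # diceware: five six-sided dice select one word
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 entries in a diceware list


def roll_index():
    """Simulate five dice with the OS CSPRNG; return a list index in 0..7775."""
    index = 0
    for _ in range(DICE_PER_WORD):
        # randbelow(6) is uniform over 0..5, i.e. one unbiased die
        index = index * 6 + secrets.randbelow(6)
    return index


def generate(wordlist, n_words):
    """Pick n_words independently and uniformly from a 7776-entry list."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        # A short or duplicated list silently lowers the entropy per word.
        raise ValueError("wordlist must hold 7776 unique entries")
    return [wordlist[roll_index()] for _ in range(n_words)]


def diceware_bits(n_words):
    """Entropy in bits: each word contributes log2(7776)."""
    return n_words * math.log2(LIST_SIZE)


def letters_to_match(bits, bits_per_letter):
    """Letters of text needed to reach `bits` at a given per-letter rate."""
    return math.ceil(bits / bits_per_letter)


# Constructed placeholder list (assumption): stands in for a real diceware list.
PLACEHOLDER_LIST = [f"w{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    bits = diceware_bits(4)
    print(" ".join(generate(PLACEHOLDER_LIST, 4)))
    print(f"4 words: {bits:.3f} bits")
    # Rates taken from the message: 1.1 (Shannon) and ~1.6 (human guessers).
    for rate in (1.1, 1.6):
        print(f"{rate} bits/letter -> {letters_to_match(bits, rate)} letters")
```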