[messaging] Peerio

Justin Tracey j2tracey at gmail.com
Fri Jan 16 17:45:16 PST 2015


On 01/15/2015 02:37 AM, Ben Laurie wrote:
> If you calculate the entropy of quotations, it's pretty apparent that
> they're really not very safe (sorry, I did this years ago,
> back-of-envelope figures lost in mists of time).
According to the classic Shannon experiment, a typical English sentence
relatively quickly amortizes to 1.1 bits of entropy per letter. Here's a
fun little applet someone made so you can try yourself (humans tend to
get ~1.6 per letter):
http://www.math.ucsd.edu/~crypto/java/ENTROPY/
I can't imagine there are many languages that would be significantly
different, and selections from quotations would obviously have even less
than that.
> You need, IMO, to make up a phrase of your very own.
"Making up" a strong passphrase is generally not something I'd consider
a good idea. There are plenty of experiments showing people are terrible
at consciously generating entropy. IMO, methods that emphasize
measurable entropy are better than trying to have a ton of entropy with
no estimate. Which is why I always preach diceware to people -- I'd be
willing to bet even a 4 word diceware passphrase (51.6 bits of entropy)
is more secure than most of the "clever" tricks people use in their
passphrases (insert XKCD reference here).
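
The measurable-entropy argument above, as an added Python example that is not part of the original message: it draws a diceware passphrase from a CSPRNG and compares its entropy with English prose at the 1.1 bits per letter quoted in the message. The word list is a constructed placeholder (a real diceware list has 7776 actual words), and all function names are illustrative.

```python
import math
import secrets

DICE_PER_WORD = 5                  # diceware: five six-sided dice select one word
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 entries in the word list
BITS_PER_LETTER = 1.1              # Shannon figure quoted in the message above


def roll_index():
    """Five fair d6 rolls read as a base-6 number: uniform over 0..7775."""
    idx = 0
    for _ in range(DICE_PER_WORD):
        idx = idx * 6 + secrets.randbelow(6)   # CSPRNG, not random.random()
    return idx


def diceware(wordlist, n_words):
    """Pick n_words independently and uniformly from a 7776-word list."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold 7776 distinct words")
    return " ".join(wordlist[roll_index()] for _ in range(n_words))


def diceware_bits(n_words):
    """Entropy is exact because every word is an independent uniform choice."""
    return n_words * math.log2(LIST_SIZE)


def english_letters_for(bits, bits_per_letter=BITS_PER_LETTER):
    """Letters of ordinary English prose needed to carry the same entropy."""
    return math.ceil(bits / bits_per_letter)


def words_needed(target_bits):
    """Smallest diceware length that reaches target_bits."""
    return math.ceil(target_bits / math.log2(LIST_SIZE))


# Constructed stand-in list so the example runs offline (assumption, not a real list).
PLACEHOLDER_LIST = [f"w{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    print(diceware(PLACEHOLDER_LIST, 4))
    for n in (4, 6, 8):
        bits = diceware_bits(n)
        print(f"{n} words: {bits:.1f} bits, "
              f"matched only by {english_letters_for(bits)}+ letters of prose")
    print("words for 80 bits:", words_needed(80))
```

The prose figure is an upper bound for a memorable sentence: at 1.1 bits per letter it assumes arbitrary English text, and the message notes that quotations carry less.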
