Security Basics mailing list archives
RE: File Encryption - Part II
From: "Milli Bit" <milli_bit () hotmail com>
Date: Mon, 22 Sep 2003 22:09:25 -0500
In my quest for passwords that are easy to remember, I wrote a small web-app "Pseudo-Random Semi-Pronounceable Password". Rather than duplicate the explanation here in email, it's on the page:
http://ganns.com/PRaSPP/
It's obviously not for corporate-level security. :) Give me feedback if you care to.
Smaller than a kilobyte, smaller than a byte, smaller even than a bit? http://MILLIBIT.com The Disorderly Planets game that you love now has online scoring: http://MILLIBIT.com/Games/DisorderlyPlanets/
From: Kenneth Buchanan <K.Buchanan () Kastenchase com>
To: 'Kamal Habayeb' <mountainfury () fastmail fm>
CC: 'Rick Jones' <rwjones2001 () hotmail com>, security-basics () securityfocus com
Subject: RE: File Encryption - Part II
Date: Tue, 16 Sep 2003 13:11:07 -0400

That is a good point, and there has been some analysis done on the subject. Such passphrases do indeed provide a reasonable level of security, although they do tend to be hated by the average user.

On topic, anyone serious about hardening an encryption system using passphrase-derived keys should read the PGP passphrase FAQ:
http://www.stack.nl/~galactus/remailers/passphrase-faq.html
It should give you an idea about where to start when trying to make the weakest link as strong as possible.

-----Original Message-----
From: Kamal Habayeb [mailto:mountainfury () fastmail fm]
Sent: Tuesday, September 16, 2003 12:28 PM
To: Kenneth Buchanan
Cc: 'Rick Jones'; security-basics () securityfocus com
Subject: Re: File Encryption - Part II

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kenneth Buchanan wrote:
| The point of EFS is to allow file/folder access only to the appropriate
| logged-on user
...
| As a general rule, if a password can be remembered, it can be brute
| forced.

I agree with you here Kenneth, passwords are usually the weak link in the security equation. I am a strong believer in pass-phrases. Using something like IHatE8traFFic%inDMornING* would offer a strong password and something that the user would be able to remember better than a randomly generated strong password.

Cheers,
Kamal Habayeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/ZzoHWz5e+owG3loRAkKFAJwOji8ekRe9yuV82C7io9WEUhL+swCeNIOt
XNQnnszG7Npb+vvfAZ/zo+0=
=itM9
-----END PGP SIGNATURE-----
Current thread:
- Re: File Encryption - Part II Rick Jones (Sep 16)
- Re: File Encryption - Part II Patrick Boucher (Sep 16)
- RE: File Encryption - Part II Lucas Zaichkowsky (Sep 16)
- <Possible follow-ups>
- RE: File Encryption - Part II Neil Fryer (Sep 16)
- RE: File Encryption - Part II Kenneth Buchanan (Sep 16)
- Re: File Encryption - Part II Kamal Habayeb (Sep 16)
- RE: File Encryption - Part II Kenneth Buchanan (Sep 16)
- RE: File Encryption - Part II Milli Bit (Sep 23)
- RE: File Encryption - Part II Milli Bit (Sep 23)
- Re: File Encryption - Part II Kamal Habayeb (Sep 23)
- RE: File Encryption - Part II Meidinger Chris (Sep 23)
- RE: File Encryption - Part II Chris Berry (Sep 23)