In their February 1996 report, "Minimal Key Lengths for Symmetric
Ciphers to Provide Adequate Commercial Security," a group of
cryptography and computer security experts -- Matt Blaze, Whitfield
Diffie, Ronald Rivest, Bruce Schneier, Tsutomu Shimomura, Eric
Thompson, and Michael Wiener -- stated:
"To provide adequate protection against the most serious threats...
keys used to protect data today should be at least 75 bits long. To
protect information adequately for the next 20 years ... keys in newly-
deployed systems should be at least 90 bits long."
A five-word Diceware passphrase has an entropy of at least 64.6 bits;
six words have 77.5 bits, seven words 90.4 bits, eight words 103 bits,
four words 51.6 bits. Inserting an extra letter at random adds about 10
bits of entropy. Here is a rough idea of how much protection various
lengths provide, based on updated estimates by A.K. Lenstra (see
www.keylength.com). Needless to say, projections for the far future have
the most uncertainty.
* Four words are breakable with a hundred or so PCs.
* Five words are only breakable by an organization with a large
* Six words appear unbreakable for the near future, but may be
within the range of large organizations by around 2014.
* Seven words and longer are unbreakable with any known technology,
but may be within the range of large organizations by around 2030.
* Eight words should be completely secure through 2050.
Pick your passphrase size based on the level of security you want.
Another way to think about passphrase length is to consider what
security precautions you take to physically protect your computer and
data. Here is a list of possible passphrase lengths and commensurate
security precautions. The list of precautions is not intended to be
complete. I am not trying to discourage anyone from using longer
passphrases if they feel up to it, but the added strength without
comparable physical security for your computer is of limited value.
* You would be content to keep paper copies of the encrypted
documents in an ordinary desk or filing cabinet in an un-secured office.
* You need or want strong security, but take no special precautions
to protect your computer from unauthorized physical access, beyond
locking the front door of your house or office.
* Your computer is protected from unauthorized access at all times
when not in your personal possession by being locked in a room or
cabinet in a building where access is controlled 24 hours a day or that
is protected by a high quality alarm service.
* Routine cleaning and building maintenance people do not have
physical access to your computer when you are not present.
* You regularly use an up-to-date anti-virus program purchased off
the floor at a computer store.
* You have verified the signatures on your copy of PGP or your
installed Hushmail 2 client.
* You never run unverified downloaded software, e-mail attachments
or unsolicited disks received through the mail on your computer.
Note: However I do encourage using six or more words on systems that
use the passphrase directly to form a transmission key. Such systems
include Hushmail, disk encryption (e.g. Apple's FileVault),
Ciphersaber, and WiFi's WPA.
* You take all the steps listed under 6 words above, and:
* Your computer is kept in a safe or vault at all times when it is
not in sight of you or someone you trust.
* Your computer was purchased off the floor at a randomly selected
* All the software used on your computer was distributed with a
strong, independently verified electronic signature that you checked,
or was purchased off the floor in a randomly selected computer store
* Your computer has never been repaired or upgraded by anyone you
do not trust completely.
* All disks and tapes used with your computer are either kept in a
safe or physically destroyed.
* You take precautions against audio and video surveillance when
* You change your PGP encryption key regularly (at least once a
* You have taken precautions against TEMPEST attacks. See the
chapter "Commonsense and Cryptography," in Internet Secrets, from IDG
Books Worldwide, for a discussion of what this involves.
For people seeking long term data protection (greater than 10 years) I
would recommend adding one word to the above suggestions.
Borked Pseudo Mailed
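An added example, not part of the post above or of the Diceware FAQ it quotes: a short Python calculation that reproduces the entropy figures given for four to eight words and the "about 10 bits" for an extra character, and that converts a five-roll dice key into a word-list index. It assumes the standard Diceware conventions (five die rolls select one of 6^5 = 7776 words; an extra character is placed with one roll for the word, one for the letter position and two for the symbol from a 6x6 table); the word list itself is not embedded.

```python
import math
import secrets

DICE_PER_WORD = 5                          # five die rolls pick one word
WORDLIST_SIZE = 6 ** DICE_PER_WORD         # 7776 words on the Diceware list
BITS_PER_WORD = math.log2(WORDLIST_SIZE)   # about 12.9 bits per word

# Assumed "extra character" procedure: one die picks the word, one die
# picks the letter position, two dice pick a symbol from a 6x6 table.
EXTRA_CHAR_BITS = math.log2(6 * 6 * 36)    # about 10.3 bits per character


def passphrase_entropy(num_words, extra_chars=0):
    """Entropy in bits of num_words Diceware words plus extra_chars
    characters inserted by the dice method (uniform, independent rolls)."""
    return num_words * BITS_PER_WORD + extra_chars * EXTRA_CHAR_BITS


def words_needed(target_bits):
    """Smallest number of Diceware words whose entropy reaches target_bits,
    e.g. the 75- and 90-bit thresholds from the Blaze et al. report."""
    return math.ceil(target_bits / BITS_PER_WORD)


def roll_word_key(rng=secrets.randbelow):
    """Return a five-digit dice key such as '36451' using a CSPRNG, so the
    result has the same 12.9 bits of entropy as physical dice would give."""
    return "".join(str(rng(6) + 1) for _ in range(DICE_PER_WORD))


def key_to_index(key):
    """Convert a dice key ('11111'..'66666') to a 0-based index into the
    7776-word list, treating the digits as a base-6 number."""
    if len(key) != DICE_PER_WORD:
        raise ValueError(f"expected {DICE_PER_WORD} die faces, got {key!r}")
    index = 0
    for digit in key:
        if digit not in "123456":
            raise ValueError(f"invalid die face {digit!r} in {key!r}")
        index = index * 6 + (int(digit) - 1)
    return index


if __name__ == "__main__":
    for n in range(4, 9):
        print(f"{n} words: {passphrase_entropy(n):.1f} bits")
    print(f"5 words + 1 extra char: {passphrase_entropy(5, 1):.1f} bits")
    print("words for 90 bits:", words_needed(90))
    key = roll_word_key()
    print("dice key", key, "-> word index", key_to_index(key))
```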
On Tue, 12 May 2009 09:07:47 -0600 (MDT), Borked Pseudo Mailed wrote:
> * You have verified the signatures on your copy of PGP or your
> installed Hushmail 2 client.
You just shot your load all over your face with this one, huge, major
Hushmail has been severely compromised for ages.
A fireside chat not with Ari! http://tr.im/holj
Motto: Live To Spooge It!