by mistercow 4811 days ago
That's true. What I should have said was that we want to make the entropy easy to measure. If I flip through random passwords until I find one that's easy to remember, I have no idea how much entropy I've lost. But the mad-libs method should let us know exactly what our effective key length is, and allow us to make up for it with longer phrases if needed.

Edit: Another technique that I find useful is to place the four words into a more memorable sentence. For example, if I pull "frequently scared earth understanding" from passphra.se, I might have trouble remembering that raw sequence of words. But if I put it into a sentence like "I am frequently scared, but the Earth is understanding.", then I have a much more evocative sentence that I'm likely to remember. I usually will just use that whole sentence, punctuation and all, because hey, extra entropy. Dropbox's zxcvbn tool[1] estimates that passphrase at nearly 128 bits of entropy.

[1] https://github.com/lowe/zxcvbn