Passphrasecheckwebsites
Steve Kinney
steve10k@mpinet.net
Sun Jun 2 02:24:02 2002
Hi,
After playing with it a bit, I have decided that the
password test utility at http://www.cnlab.ch/pwcheck/
is useless for checking PGP/GPG pass phrases. It was
designed to test short passwords, and does so by looking
for dictionary words and fragments of dictionary words.
When it finds a predominance of words or word fragments,
it automatically assumes a bad password, no matter
how long or random the list may be.
I have tried pass phrases made up of ten or more
misspelled English words, which the password checker
identified as breakable in one day on a home PC--
despite there being somewhere in the vicinity of
6 x 10^37 combinations to try...
Pass phrase strength is a matter of entropy. To check
a PGP/GPG pass phrase, start here:
http://www.vanish.org/security/ppfaq.htm
:o)
Steve K