[Discuss] vnc => passphrase entropy

[bill.n1vux at gmail.com (Bill Ricker)]

On Fri, Aug 29, 2014 at 1:32 PM, Richard Pieri <richard.pieri at gmail.com> wrote:
> I have a better solution: use a FIPS 181 password generator to generate
> a "phrase" of nonsense, stuff that into your encrypted keychain, and be
> done with it.

That's fine for JFDI.
Assuming FIPS-181 'words' are mnemonic enough for you.

( Some folks prefer the more mnemonic structure of XKCD "Horse Battery
Staple" to  FIPS "jegewmat". )

But Ned and I are talking natural language entropy theory, so that we
may *compare* strengths with a metric.
[ just as you were talking escrow/centralization theory before, to
compare weaknesses.]

Note that the English-like pronounceability rules of FIPS-181 syllable
structure enforces a weaker structure (thats good here!) than rigid
consonant-vowel alternation, so delivered entropy bits per char are
rather less than log2(26)=4.7b, but it seems far better than English
words.

[ The  FIPS-181 ETAONRISH character frequency of the random urn is
such that 'x' is 10x rarer than 'a' . By itself almost the urn
achieves roughly the same 4.7bits as uniform a..z distribution until a
slight deduction is made for the dipthongs 'ch' etc that it generates
as urn units; but since equal frequency 'a' and 't' are more or less
likely in a position based on vowel/consonants around it, as filtered
in actual use it delivers rather less. Probably still more than 3 bits
though, since a strict CACA|ACAC alternation with this Urn loses less
than a bit per char, not shabby. ]

-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux