From: "Steve Simon"
Date: Tue, 29 Jun 2010 19:30:56 +0100
To: 9fans@9fans.net
Subject: Re: [9fans] offered without comment or judgement

> But you can do at least as good as these forms of ID. PKI requires
> knowledge of some sort of passkey. (I just worry about identification
> for people who are not smart enough to pick a good key. Which,
> unfortunately, is also most people.

My understanding is a passkey just needs sufficient entropy in order to be strong.

This can be a few characters drawn from a larger character set - your password must be no more than 16 chars and must contain upper and lower case, numbers and punctuation.

Alternatively it could be a long string made up of a restricted character set - your pass phrase can consist of any text characters but must not contain long repetitions and be at least 200 characters long (say).

Thus a passphrase may be a quote from your favorite movie, a lyric or the like. This can then be hashed into a higher entropy string (is this statement true?) used for authentication.

I don't understand why modern security systems have an upper limit on passphrase length.

(waits for people who know better to tell him he is dumb).

-Steve
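An added illustration, not part of the message above: a sketch comparing the two schemes it describes and stretching a passphrase of any length into a fixed-size key. The 94-symbol alphabet, the 1 bit per character rate for English text, the PBKDF2 parameters and all sample strings are assumptions made for this example.

```python
import hashlib
import math


def random_password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def passphrase_bits(length: int, bits_per_char: float = 1.0) -> float:
    """Estimate for natural-language text (assumed rate, near Shannon's figure for English)."""
    return length * bits_per_char


def derive_key(passphrase: str, salt: bytes, dklen: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA256: input of any length in, fixed-size key out."""
    data = passphrase.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000, dklen)


def key_bits(input_bits: float, dklen: int = 32) -> float:
    """Hashing concentrates entropy but cannot add any: the key holds at
    most min(entropy of the input, size of the key in bits)."""
    return min(input_bits, 8 * dklen)


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed; a real system stores a random salt per user
    short_pw = "x7#Qm2!vLp9@Zr4$"  # constructed 16-character password
    long_pw = " ".join(f"word{i}" for i in range(40))  # constructed, over 200 characters

    for label, pw, bits in (
        ("16 random chars", short_pw, random_password_bits(16, 94)),
        ("long passphrase", long_pw, passphrase_bits(len(long_pw))),
    ):
        key = derive_key(pw, salt)
        print(f"{label}: {len(pw)} chars in, {len(key)} bytes out, "
              f"about {key_bits(bits):.0f} bits of entropy in the key")
```

Because the derived key is always the same size, the length of the passphrase never affects what the system has to store or compare.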