5.9.1. again, this stuff is covered in many of the FAQs on PGP and on security that are floating around...
5.9.2. "How long should crypto be valid for?"
   + That is, how long should a file remain uncrackable, or a digital signature remain unforgeable?
      - probabilistic, of course, with varying confidence levels
      - depends on breakthroughs, in math and in computer power
   + Some messages may only need to be valid for a few days or weeks. Others, for decades. Certain contracts may need to be unforgeable for many decades. And given advances in computer power, what appears to be a strong key today may fail utterly by 2020 or 2040. (I'm of course not suggesting that factoring a 300- or 500-digit RSA modulus will be practical by then.)
   + many people only need security for a matter of months or so, while others may need it (or think they need it) for decades or even for generations
      - they may fear retaliation against their heirs, for example, if certain communications were ever made public
      - "If you are signing the contract digitally, for instance, you would want to be sure that no one could forge your signature to change the terms after the fact -- a few months isn't enough for such purposes, only something that will last for fifteen or twenty years is okay." [Perry Metzger, 1994-07-06]
5.9.3. "What about commercial encryption programs for protecting files?"
   - ViaCrypt, PGP 2.7
   - Various commercial programs have existed for years (I got "Sentinel" back in 1987-8...long since discontinued). Check reviews in the leading magazines.
   + Kent Marsh, FolderBolt for Macs and Windows
      - "The best Mac security program....is CryptoMactic by Kent Marsh Ltd. It uses triple-DES in CBC mode, hashes an arbitrary-length password into a key, and has a whole lot of Mac-interface features. (The Windows equivalent is FolderBolt for Windows, by the way.)" [Bruce Schneier, sci.crypt, 1994-07-19]
5.9.4. "What are some practical steps to take to improve security?"
   - Do you, like most of us, leave backup diskettes lying around?
   - Do you use multiple-pass erasures of disks? If not, the bits may be recovered.
   - (Either of these can compromise all of the encrypted material you have, with nothing more than a search warrant for your premises.)
5.9.5. Picking (and remembering) passwords
   - Many of the issues here also apply to choosing remailers, etc. Things are often trickier than they seem, because the "structure" of these spaces is tricky. For example, it may seem really sneaky (and "high entropy") to permute some words in a popular song and use that as a passphrase, but this is obviously worth only a few bits of extra entropy. Specifically, the attacker will likely take the thousand or so most popular songs, the thousand or so most popular names, slogans, speeches, etc., and then run many permutations on each of them.
   - bits of entropy
   - lots of flaws, weaknesses, hidden factors
   - avoid simple words, etc.
   - hard to get 100 or more bits of real entropy
   - As Eli Brandt puts it, "Obscurity is no substitute for strong random numbers." [E.B., 1994-07-03]
   - Cryptanalysis is a matter of deduction, of forming and refining hypotheses. For example, the site "bitbucket@ee.und.ac.za" is advertised on the Net as a place to send "NSA food" to...mail sent to it gets discarded. So, a great place to send cover traffic to, no? No, as the NSA will mark this site for what it is and its usefulness is blown. (Unless its usefulness is actually something else, in which case the recursive descent has begun.)
   - Bohdan Tashchuk suggests [1994-07-04] using telephone-like numbers, mixed in with words, to better fit with human memorization habits; he notes that 30 or more bits of entropy are routinely memorized this way.
5.9.6. "How can I remember long passwords or passphrases?"
   - Lots of security articles have tips on picking hard-to-guess (high entropy) passwords and passphrases.
   + Just do it.
      - People can learn to memorize long sequences. I'm not good at this, but others apparently are. Still, it seems dangerous, in terms of forgetting. (And writing down a passphrase may be vastly more risky than using a shorter but more easily memorized passphrase. I think theft of keys and keystroke capturing on compromised machines are much more important practical weaknesses.)
   + The first letters of long phrases that have meaning only to the owner.
      - e.g., "When I was ten I ate the whole thing." ---> "wiwtiatwt" (Purists will quibble that prepositional phrases like "when i was" have lower entropy. True, but better than "Joshua.")
   + Visual systems
      - Another approach to getting enough entropy in passwords/phrases is a "visual key" where one mouses from position to position in a visual environment. That is, one is presented with a scene containing some number of nodes, perhaps representing familiar objects from one's own home, and a path is chosen. The advantage is that most people can remember fairly complicated (read: high entropy) "stories." Each object triggers a memory of the next object to visit. (Example: door to kitchen to blender to refrigerator to ..... ) This is the visual memory system said to be favored by Greek epic poets. This also gets around the keyboard-monitoring trick (but not necessarily the CRT-reading trick, of course). It might be an interesting hack to offer this as a front end for PGP. Even a simple grid of characters which could be moused on could be an assist in using long passphrases.
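The entropy claims in 5.9.5 and 5.9.6 (a permuted song line is "worth only a few bits," phone-style numbers give "30 or more bits," 100 bits of real entropy is hard to get) can be checked with a few lines of arithmetic. The following is an added example, not part of the Cyphernomicon: it puts numbers on each scheme mentioned above, using the attacker model from the text (a thousand candidate phrases, every permutation of their words), and it adds one thing the text does not state, an expected exhaustive-search time at an assumed guess rate. The 7776-word figure is the size of a Diceware-style list; SAMPLE_WORDS and the 1e9 guesses/second rate are constructed for the demonstration. The generator at the end draws from the OS CSPRNG (Python's secrets module), which is the "strong random numbers" side of Eli Brandt's remark.

```python
"""Added example (not from the Cyphernomicon): entropy estimates for the
passphrase schemes discussed in 5.9.5/5.9.6, plus a CSPRNG-based generator."""
import math
import secrets


def uniform_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` independent, uniform picks from `alphabet_size`
    symbols. Only genuinely random choices earn these bits."""
    return length * math.log2(alphabet_size)


def permutation_bits(n_items: int) -> float:
    """Extra bits an attacker must search when n known items are reordered:
    at most log2(n!)."""
    return math.log2(math.factorial(n_items))


def known_phrase_permuted_bits(n_candidate_phrases: int, words_in_phrase: int) -> float:
    """Attacker model from the text: guess which of the ~thousand most popular
    songs/slogans was used, then try every permutation of its words."""
    return math.log2(n_candidate_phrases) + permutation_bits(words_in_phrase)


def first_letter_upper_bound(acronym: str, alphabet_size: int = 26) -> float:
    """Upper bound for a first-letters-of-a-sentence passphrase. The true value
    is lower: English words do not start with letters uniformly."""
    return uniform_bits(alphabet_size, len(acronym))


def half_space_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time for an exhaustive search: on average half the space."""
    return 2 ** (bits - 1) / guesses_per_second


# Constructed toy list; a real Diceware-style list has 7776 words (~12.9 bits/word).
SAMPLE_WORDS = ["blender", "door", "kitchen", "refrigerator",
                "cypher", "remailer", "modulus", "entropy"]


def generate_passphrase(wordlist, n_words: int) -> list:
    """Draw words with replacement from the OS CSPRNG, not random.random()."""
    return [secrets.choice(wordlist) for _ in range(n_words)]


def compare_schemes() -> dict:
    """Bits of entropy for each scheme discussed in the text."""
    return {
        "8 random words from a 7776-word list": uniform_bits(7776, 8),
        "permuted line of a top-1000 song (8 words)": known_phrase_permuted_bits(1000, 8),
        "10-digit phone-style number": uniform_bits(10, 10),
        "first letters 'wiwtiatwt' (upper bound)": first_letter_upper_bound("wiwtiatwt"),
        "8 random words from the 8-word toy list": uniform_bits(len(SAMPLE_WORDS), 8),
    }


if __name__ == "__main__":
    RATE = 1e9  # assumed offline guess rate, guesses per second
    for name, bits in compare_schemes().items():
        days = half_space_seconds(bits, RATE) / 86400
        print(f"{bits:6.1f} bits  ~{days:.3g} days at {RATE:.0e}/s  {name}")
    print("example passphrase:", " ".join(generate_passphrase(SAMPLE_WORDS, 4)))
```

The numbers make the text's point: eight random words from a 7776-word list clear 100 bits, while a cleverly permuted song line comes to about 25 bits, less than a ten-digit "phone number" (about 33 bits), because the attacker only has to search the thousand or so phrases people actually pick and the 40,320 orderings of each. The first-letters trick sits in between, and its 42-bit figure is an upper bound that assumes the letters are uniformly random, which they are not.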
Next Page: 5.10 DES
Previous Page: 5.8 The Nature of Cryptology
By Tim May, see README
HTML by Jonathan Rochkind