Private data protection.

Andy Green andy at
Sat May 31 17:32:58 CEST 2008

Somebody in the thread at some point said:
| On Sat, May 31, 2008 at 2:04 AM, Vinc Duran <uberpfloyd at> wrote:
|> You could make it longer too. I mean you could require receiving multiple
|> sms's. It could be a very long key.
| Why bother?
| Even using only alphanumeric characters (I've counted 62 characters)
| there are more than 10^216 possible keys [1]. That means that somebody

I read a provocative estimate a year or so ago that each extra
character of a password adds only on average 1.5 bits of entropy to it.
Considering how most passwords are formed from dictionary words, albeit
slightly modified or appended, it sounds about right.

And that's ignoring the passwords that are some variation of 1234,
"password", or are to be found underneath the keyboard[1], etc.

-Andy

[1] The case in Zaavi shop in Oxford Street, London I was amused to
discover recently.  And the Three shop in Kettering actually had their
login credentials laminated and pinned to the wall for all to read --
how many bits of entropy is that despite the huge "password space" that
could exist?
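
Added example, not part of the original message: a comparison of the uniform-random entropy behind the quoted "more than 10^216 possible keys" figure with a per-character estimate for human-chosen passwords. The heuristic used is the one in NIST SP 800-63 Appendix A (without its bonuses); the message does not say which estimate it refers to, so that choice and all function names are assumptions.

```python
import math

ALPHABET = 62  # alphanumeric characters, as counted in the quoted message


def uniform_bits(length, alphabet=ALPHABET):
    """Entropy in bits when every character is drawn uniformly at random."""
    return length * math.log2(alphabet)


def min_length_exceeding(keyspace, alphabet=ALPHABET):
    """Smallest length whose uniform key space is larger than `keyspace`."""
    n = 0
    while alphabet ** n <= keyspace:
        n += 1
    return n


def human_chosen_bits(length):
    """NIST SP 800-63 Appendix A estimate for a user-chosen password,
    without the composition-rule or dictionary-check bonuses (assumed
    heuristic; not necessarily the estimate the message mentions)."""
    bits = 0.0
    for position in range(1, length + 1):
        if position == 1:
            bits += 4.0      # first character
        elif position <= 8:
            bits += 2.0      # characters 2-8
        elif position <= 20:
            bits += 1.5      # characters 9-20
        else:
            bits += 1.0      # characters 21 and beyond
    return bits


def compare(length):
    """Return (uniform bits, human-chosen bits, human bits per character)."""
    human = human_chosen_bits(length)
    return uniform_bits(length), human, human / length


if __name__ == "__main__":
    # Length implied by the quoted key-space figure, derived rather than assumed.
    n = min_length_exceeding(10 ** 216)
    for length in (8, 12, 20, n):
        u, h, per_char = compare(length)
        print(f"{length:>3} chars: uniform {u:6.1f} bits, "
              f"human-chosen {h:5.1f} bits ({per_char:.2f} bits/char)")
```

The size of the theoretical key space only describes the secret if it was generated uniformly at random; under this heuristic a human-chosen string of the same length carries a small fraction of those bits.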
