Posted on 11/15/2017 7:04:06 AM PST by Kaslin
Um, no. Any sentence which is familiar or easily guessed, like "Fourscore and seven years ago our fathers" will be readily found, just like "p4ssw0rd" and the like. Due to desires for convenience, we're all subject to introducing weaknesses like this, to some degree.
The best way to set a long and challenging passphrase is to concatenate, say, 7 or more words from the English language, selected at random. The mathematics of that become quite prohibitive, as far as anyone ever "guessing" the entire sequence. You're talking about (number of words in the English language, say >150K) to the 7th power or more, in a case like that. A very large number of combinations.
There are articles about methods like this to be found on the internet. The key is to have a piece of software do the generation randomly, and then you memorize the n-word sequence, thus removing any of your own biases from weakening the encryption. This, combined with things like PGP and its ilk should give you very strong encryption (when properly implemented).
And it's nothing the government can mandate backdoors into. The acquired knowledge of the human race in mathematics has created a situation wherein if someone wants to encrypt some information, the government isn't going to be able to do much about it. The notion that the State can simply "outlaw" the math is, of course, absolutely ludicrous...
Thanks for the info, A random number generator for page and word and my old but trusty Websters dictionary.
I’ll give it a try.
Properly designed, it's impossible. The biggest problem is the data you need for the code. It is extraordinarily difficult to generate true randomness. Just about anything that is produced by a computer is going to be deterministic to a degree. Yeah, there are ways around that, but they are not easy to implement.
The other problem with an OTP, is management of the pad itself. You need to be able to get the pad to your intended recipient in a secure manner, which pretty much means it has to be a physical hand-off. Electronic transmission, especially today with the huge NSA vacuums sucking up everything imaginable is problematic for several reasons.
Also, you can only use a pad once. Schneier discussed in Applied Cryptography several instances of OTP's being broken by injudicious reuse of pads.
That's why public-key cryptography was so frightening to the powers that be. It solved the key transmittal problem. I can post my public PGP key on the internet for anyone to see and it doesn't help the minions of darkness one bit, providing you jealously guard your private key.
There are some good symmetric cyphers out there, but again, you're still stuck with the problem of key transmittal. If the key is ever discovered by an adversary, all messages encrypted by that key are an open book. I've actually come up with a few ways to generate strong symmetric keys in a deterministic manner, but they won't survive a rubber hose used to discover it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.