RE: File Encryption - Part II

["Milli Bit" <milli_bit () hotmail com>]

In my quest for passwords that are easy to remember, I wrote a small web-app 
"Pseudo-Random Semi-Pronounceable Password". Rather than duplicate the 
explanation here in email, it's on the page:
http://ganns.com/PRaSPP/

It's obviously not for corporate-level security. :) Give me feedback if you 
care to.




Smaller than a kilobyte, smaller than a byte, smaller even than a bit?
http://MILLIBIT.com

The Disorderly Planets game that you love now has online scoring:
http://MILLIBIT.com/Games/DisorderlyPlanets/





> From: Kenneth Buchanan <K.Buchanan () Kastenchase com>
> To: 'Kamal Habayeb' <mountainfury () fastmail fm>
> CC: 'Rick Jones' 
> <rwjones2001 () hotmail com>,security-basics () securityfocus com
> Subject: RE: File Encryption - Part II
> Date: Tue, 16 Sep 2003 13:11:07 -0400
>
>
> That is a good point, and there has been some analysis done on the subject.
> Such passphrases do indeed provide a reasonable level of security, although
> they do tend to be hated by the average user.
>
> On topic, anyone serious about hardening an encryption system using
> passphrase-derived keys should read the PGP passphrase FAQ:
> http://www.stack.nl/~galactus/remailers/passphrase-faq.html
>
> It should give you an idea about where to start when trying to make the
> weakest link as strong as possible.
>
>
> -----Original Message-----
> From: Kamal Habayeb [mailto:mountainfury () fastmail fm]
> Sent: Tuesday, September 16, 2003 12:28 PM
> To: Kenneth Buchanan
> Cc: 'Rick Jones'; security-basics () securityfocus com
> Subject: Re: File Encryption - Part II
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Kenneth Buchanan wrote:
> | The point of EFS is to allow file/folder access only to the appropriate
> | logged-on user ...
>
> ~  As a general rule, if a password can be remembered, it can be brute
> | forced.
>
> I agree with you here Kenneth, passwords are usually the weak link in
> the security equation.  I am a strong believer in pass-phrases.  Using
> something like IHatE8traFFic%inDMornING* would offer a strong password
> and something that the user would be able to remember better than a
> randomly generated strong password.
>
> Cheers,
> Kamal Habayeb
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQE/ZzoHWz5e+owG3loRAkKFAJwOji8ekRe9yuV82C7io9WEUhL+swCeNIOt
> XNQnnszG7Npb+vvfAZ/zo+0=
> =itM9
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------------
> Captus Networks
> Are you prepared for the next Sobig & Blaster?
>  - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
>  - Precisely Define and Implement Network Security
>  - Automatically Control P2P, IM and Spam Traffic
> FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
> http://www.captusnetworks.com/ads/42.htm
> ----------------------------------------------------------------------------

_________________________________________________________________
Frustrated with dial-up? Get high-speed for as low as $29.95/month 
(depending on the local service providers in your area).  
https://broadband.msn.com


---------------------------------------------------------------------------
----------------------------------------------------------------------------