
	Where results make sense

Topic: Pass phrase

	[No title] (Site not responding. Last check: 2007-11-07)
		Before you say "Well, my pass phrase is long enough," remember that in PGP, as in all public key systems, the security of the messages you send depends on the security of the recipient's secret key, not on your own safeguards.
		Instead, PGP could use the pass phrase as the initial value for a computation-time intensive hash algorithm optimized to use as much of the processing resources in a typical personal computer as possible, including wide word multiplies, branches and lots of RAM.
		Adding a factor of 10^9 in the difficulty of recovering pass phrases is roughly equivalent to adding 30 bits of entropy to each pass phrase and would significantly improve the security of PGP for all users.
	world.std.com /~reinhold/passphrase.survey.asc (2470 words)

	Pass Phrase Generator
		The list of pass phrases is completely determined by the seed, and is consequently no more secure than the seed is--if it can be guessed, all of the pass phrases generated from it are compromised.
		If Include signatures is checked, the list of phrases will be followed by a list of their MD5 signatures; password validation programs may wish to use signatures rather than the actual phrases to save memory and reduce the risk of disclosure of the original phrases.
		The relationship between the number of words in a pass phrase and the equivalent number of bits in an encryption key is as follows.
	www.fourmilab.ch /javascrypt/pass_phrase.html (560 words)

	Passphrase -- Facts, Info, and Encyclopedia article (Site not responding. Last check: 2007-11-07)
		You should have your passphrase ready before creating your PGP or GPG (A lever that actuates a mechanism when depressed) key or opening a new Hushmail accountas 'inventing' a passphrase whilst entering it is a poor practice, very likely to lead to poor passphrases, and so to poor security.
		A (A secret word or phrase known only to a restricted group) password is usually short — six to ten characters.
		Another is to choose two phrases, turn one into an (A word formed from the initial letters of a multi-word name) acronym, and include it in the second, making the final passphrase.
	www.absoluteastronomy.com /encyclopedia/p/pa/passphrase.htm (1072 words)

	SUNet ID Passwords
		Pass phrases are longer, but easier to remember than complex passwords, and if well-chosen can provide better protection against hackers.
		A pass phrase is basically just a sentence, including spaces, that you employ instead of a single pass "word." Pass phrases should be at least 15 to 25 characters in length (spaces count as characters), but no less.
		If your pass phrase is based on a well-known slogan, expression, song lyric, or quotation, be sure to customize it with misspellings, bad grammar, invented words, deliberate typos, or oddly placed keyboard symbols.
	unixdocs.stanford.edu /passwords.html (1201 words)

	(fwd) Re: PGP Pass Phrase Security (Site not responding. Last check: 2007-11-07)
		The fundamental reason why attacking or trying to guess the user's password or phrase will increasingly be the focus of cryptanalysis is that the user's choice of password may represent a much simpler cryptographic key than optimal for the encryption algorithm being used.
		The closer the entropy of the user's password or phrase is to the intrinsic entropy of the cryptographic key of the underlying algorithm being used, the more likely an attacker would need to search a substantially larger portion of the algorithm's key space in order to rediscover the key.
		Even relatively short phrases offer acceptable entropy because the far larger "alphabet" pool of word symbols that may be chosen than the 26 characters that form the Roman alphabet.
	cypherpunks.venona.com /date/1994/07/msg00197.html (1134 words)

	Repost of CompuServe Position on Passphrases
		The argument that pass phrases should be forbidden in a protocol because you wouldn't use them in your application, is unfounded.
		Ideally, the same identity and pass phrase should be useful for other services provided by that service provider, impossible if pass phrases are required for PPP but forbidden for other services.
		PASS PHRASES WILL DELAY THE TRANSITION TO PUBLIC KEYS--If you believe that public keys are such a bad solution that people won't use them unless they're forced to use them, then they ARE a bad solution and we should delay the transition to public keys.
	lists.w3.org /Archives/Public/ietf-tls/msg00223.html (1760 words)

	World Intellectual Property Organization (Site not responding. Last check: 2007-11-07)
		In known systems, the registered person typically must utter the pass phrase during a registration process during which the registered speaker's identity is verified utilizing a driver's license, passport, or some other acceptable form of identification.
		The analog waveform or digital representation of the analog waveform from the microphone is then compared to the waveform of the reference pass phrase and a comparison algorithm is utilized to calculate a value representing the dissimilarity between the two waveforms.
		The identity of the speaker is verified by matching at least one of energy data, pitch data, and formant coefficients in the frames representing the speaker uttering the predetermined pass phrase to at least one of energy, pitch, and formant coefficients of a plurality of sample frames stored in memory.
	www.wipo.int /ipdl/IPDL-CIMAGES/view/pct/getbykey5?KEY=03/07292.030123&ELEMENT_SET=DECL (4101 words)

	Authentication - Wikipedia, the free encyclopedia
		It is only possible to apply one or more tests which, if passed, have been previously declared to be sufficient to proceed.
		Many people continue to regard the tes(s) -- and the decision to regard success in passing them -- as acceptable, and blame their failure on 'sloppiness' or 'incompetence' on the part of someone.
		Success in passing this test means little, without regard to sloppiness or incompetence.
	en.wikipedia.org /wiki/Authentication (797 words)

	Security Advisory: Pass phrases are exposed in netHSM log files (Site not responding. Last check: 2007-11-07)
		Pass phrases entered by means of the nCipher netHSM front panel, either using the built in thumbwheel or using a directly attached keyboard, are exposed in the netHSM system log.
		Having access to a pass phrase alone is not sufficient to mount a successful attack on a netHSM.
		The pass phrase associated with a physical smart card is therefore only one of a number of secrets that an attacker requires.
	www.ncipher.com /support/advisories/advisory10.htm (1331 words)

	Big Brother's Sneaky Browser Tricks: Security Basics \| WatchGuard Technologies, Inc.
		Your aim is to use a pass phrase that takes so long to crack that the attacker becomes frustrated and moves on.
		Pass phrases that obviously refer to what they are used for, such as, "read", "write", "readwrite", "ro", "rw", etc. And no, you are not the first to make your password, "password."
		A secure pass phrase is one element in a good security policy, and one more opportunity to lock your door to a potential network compromise.
	www.watchguard.com /infocenter/editorial/1594.asp (701 words)

	Computer Passwords Are Passé
		Ideally your pass phrase should involve a uniquely exotic combination of words and names that's easy for you to remember, to type and to associate with a particular computer account, but that no one would be able to guess.
		One option is to base your pass phrase on some private fact, known only to you, and in your pass phrase to express that fact in a way that would be meaningful only to you.
		Pass phrases containing more than 25 characters are unwieldy to type, and for most people, with respect to computer security, they're overkill.
	www.stanford.edu /~jstamps/SoC_pass_phrases.html (1183 words)

	MIVA Merchant 5 :: Online Help
		Your pass phrases are never sent to the hosting company, or to MIVA Corporation.
		Pass phrases can include upper- and lower-case letters, numbers, spaces, and punctuation.
		In general, the longer and more complex the phrase, the more difficult it would be for a person or program to guess it.
	smallbusiness.miva.com /docs/merc_5.x_help/cryp.html (424 words)

	NOVELL: Cool Solutions: How to Reset an iFolder Pass Phrase
		This Pass Phrase then becomes a part of the key that is used to encrypt the data.
		If the user wants to change the Pass Phrase then all of the files must be decrypted with the old Pass Phrase then encrypted again with the new Pass Phrase.
		Tell them the only way to reset the Pass Phrase is to delete the data from the server and that you don't want to delete the only copy of the data.
	www.novell.com /coolsolutions/feature/119.html (787 words)

	The Great Debates: Pass Phrases vs. Passwords. Part 3 of 3
		Certainly a pass phrase of 9 words is stronger than a password of 9 characters but if you can’t type that many words accurately, it is much worse.
		First, a pass phrase needs to be more than 4 words long, preferably at least 6, to be as strong as a totally random password.
		Please think of another pass phrase (not the one you are currently using) and mail it to us at passstud@microsoft.com*.
	www.microsoft.com /technet/security/secnews/articles/itproviewpoint110104.mspx (1962 words)

	Re: Repost of CompuServe Position on Passphrases
		Such an argument is predicated on the concept of > transmitting pass phrases in the clear.
		This is not an argument against > pass phrases, but an argument against a particular implementation of > pass phrases.
		With pass phrases, a customer service representative may > easily change the user's pass phrase and tell the user the new one, > during the customer's telephone call.
	lists.w3.org /Archives/Public/ietf-tls/msg00224.html (869 words)

	MCT Service - Notesafe FAQ (Site not responding. Last check: 2007-11-07)
		After you supply a pass phrase NoteSafe will be able to decrypt the files and display all of the information in them.
		When the program loads the next time, the pass phrase is loaded again so that you will not have to enter it to access your files.
		The pass phrase is not saved for you, and must be entered to access your files.
	www.mctservice.com /notesafe/faq.html (1124 words)

	Managing Server Pass Phrases
		To activate a secure server automatically (in response to a client request), the server's pass phrase should be supplied automatically because it would be impractical for the server to wait for manual intervention.
		Pass phrases-a pass phrase is stored in the form of an ORB name/pass phrase association.
		When the locator receives a client request for an inactive server, the role of the locator is to contact the KDM server (a plug-in to the locator), retrieve the server's authentication data and send the authentication data on to the node daemon.
	www.iona.ie /support/docs/e2a/asp/5.0/corba/ssl/html/Kdm2.html (399 words)

	PGP Passphrase Usage (Site not responding. Last check: 2007-11-07)
		Pass phrase management is arguably one of the weakest links in the PGP security chain.
		A pass phrase consisting of dictionary words is weaker than the same size pass phrase made up of random letters.
		This study, crude as it is, suggests that a significant minority of PGP users are using inadequate pass phrases.
	www.ecst.csuchico.edu /~atman/Crypto/misc/pgp-passphrase-survey.html (2321 words)

	MakePass documentation (Site not responding. Last check: 2007-11-07)
		When we say a pass phrase has N bits of security we mean that an attacker would have to try on average some 2^(N-1) guesses in order to discover the pass phrase.
		To generate a pass phrase all you have to do is keep on pressing keys on your keyboard until you have generated a word list of the length you need.
		It is important not to forget the pass phrase you have generated.
	www.tecapro.com /makepass.html (1270 words)

	Newbie question - how to include the pass phrase in the command
		Well, since the pass phrase is going to be on the box anyway and somebody is likely to see it (especially when rooting around in the file system) why not make it easier on yourself.
		No pass phrase is the #1 recommend solution for those who need some sort of automated interface.
		The pass phrase is one of the 2 most > secret things you have in the whole encryption system.
	lists.gnupg.org /pipermail/gnupg-users/2003-June/018621.html (502 words)

	PGP Special Topics - Compromised Pass Phrase (Site not responding. Last check: 2007-11-07)
		Probably the simplest attack is if you leave your pass phrase for your secret key written down somewhere.
		If you make your pass phrase a single word, it can be easily guessed by having a computer try all the words in the dictionary until it finds your password.
		That's why a pass phrase is so much better than a password.
	www.phys.uu.nl /~steenbrg/doc/pgp/pgp2_48.html (187 words)

	Pass Phrase Recommendations (Site not responding. Last check: 2007-11-07)
		Good pass phrases are 10-30 characters long and are not simple sentences or otherwise easily guessable
		Pass phrases should be easy for you to type
		Pass phrases should be easy for you to remember
	www.msri.org /people/staff/max/passphrase.html (66 words)

	AxCrypt - Command Line Switches
		These pass phrases will only be used when the same tag is specified in future calls to AxCrypt.
		The -b option may be used to define pass phrases with limited context.
		If -b is given, only pass phrases associated with that tag are affected, otherwise all are removed, tagged and un-tagged alike.
	axcrypt.sourceforge.net /cmdline.htm (1065 words)

	iSafeguard Manual - Changing Pass Phrase
		Remember that the combination of your login name and pass phrase is used to generate a session key to encrypt your profile that contains your private keys and certificates.
		Tip: It is a good idea to change your pass phrase once a while (once a month, for example) or whenever you feel that your pass phrase has been compromised (someone looked over your shoulder while you were typing your pass phrase).
		Tip: A good pass phrase should be at least 8 characters, contain capital letters and digits, and no dictionary words.
	www.mxcsoft.com /Man_Changing%20Pass%20Phrase.htm (163 words)

	Vanish.Org Computer : Security : Personal PC : Pass Phrase FAQ (Site not responding. Last check: 2007-11-07)
		A good nonsense phrase begins to appear to be random as far as a brute force search goes, but it isn't really random.
		The phrase, "my unbreakable super pass phrase can't be beat", is weak by itself.
		The phrase is fairly easy to remember because you used a normal phrase to construct it.
	www.vanish.org /security/ppfaq.htm (5141 words)

	RPA Introduction
		HTML version Abstract Remote Passphrase Authentication is designed to provide a way to authenticate a user to a service by using a pass phrase over an insecure network, without revealing the pass phrase to eavesdroppers.
		I send you a challenge, which is a random number, and you use a one-way function to calculate a result that depends on the challenge and your pass phrase.
		Teaching users to provide their pass phrases in an HTML form is a bad idea.
	www.compuserve.com /rpa/rpa0_txt.htm (1473 words)

	Passphrase - Wikipedia, the free encyclopedia
		The words or components of a passphrase need not all be, but often are, found in a language dictionary -- most particularly one available (on or off line) as input to a dictionary attack program.
		Long enough to be hard to guess (eg, automatically by a search program, as from a list of famous phrases).
		(Whatever software is accepting the passphrase for testing should never echo it to your display, lest shoulder surfers take advantage.) Typing errors are much more likely under such conditions, especially for extended phrases.
	en.wikipedia.org /wiki/Pass_phrase (1085 words)

	Jeff Licquia's PGP FAQ, Part 2
		With a 12 character pass phrase made up of the lower case letters a-z plus the digits 0-9, you have about 62 bits of key, which is 6 bits better than the 56 bit DES keys.
		A pass phrase which is composed of ordinary words without punctuation or special characters is susceptible to a dictionary attack.
		Your pass phrase may be passed over the network in the clear where it could be intercepted by network monitoring equipment, or the operator on a multi-user machine may install "keyboard sniffers" to record your pass phrase as you type it in.
	users.rcn.com /wussery/pgpfaq2.html (8570 words)

	Creating and mailing us your PGP key (Site not responding. Last check: 2007-11-07)
		When it asks you to enter your pass phrase again for a signature, (to sign your own public key before it is sent to us), enter it.
		Your pass phrase can be any sentence or phrase and may have many words, spaces, punctuation, or any other printable characters.
		Enter pass phrase: Enter same pass phrase again: Note that key generation is a lengthy process.
	www.columbia.edu /acis/rad/secure-server/pgp/pgp-make-key.html (1065 words)

Try your search on: Qwika (all wikis)