Quote from: alonetraveler on October 09, 2012, 05:00 am

Quote from: Nightcrawler on October 09, 2012, 04:47 am
I disagree. The FSB instructed their agents to use 26 characters; 16 characters mixed-case + numerics give you about 95 bits of entropy... throw in a few more for using symbols, let's give it 100, say. I'd go with 9 or 10 Diceware words -- 10 will yield 129 bits of entropy, and they're not that hard to memorize. Given that the words are chosen using a random physical process (dice) the only possible attack is brute force -- with a sufficiently long passphrase, good luck with that.

Quote
If you've used Diceware, a dictionary list is useless. The procedure you're describing is the same one employed by the U.S. Secret Service, i.e. using Access Data's Distributed Network Attack (DNA). A 9 or 10 word Diceware passphrase makes that all superfluous, from a technical point of view. Your only option then is to sweat it out of the suspect, and if they're smart they'll listen to their lawyer and keep their mouth shut.

I concede both points to you. Even with the advent of rainbow cracking and tuned-up GPU machines, using a diceware'd phrase is fairly secure. Although they are not truly entropic algorithms, researchers are closing in fast on the algorithms Diceware and other similar services use. This is where a lot of people screw up: they get lazy and are not vigilant with their passphrases. Also, if you're in the U.S., keep your mouth SHUT. If you're in a place where no such option exists, plausible deniability and lean data is your best bet.

Diceware is not algorithmic, per se; rather it is a list of specially-chosen words -- 7,776 in all -- paired with dice-rolls. One rolls 5 dice, reads the result, and looks up the corresponding word in the Diceware list. One repeats the process until the desired passphrase length/strength is achieved.
There is no algorithm to crack -- because the word order is based on a random physical process, it cannot be predicted (assuming the dice are fair, of course.)

See: http://www.diceware.com/

Here is a short excerpt from the Diceware word list:

16655 clause
16656 claw
16661 clay
16662 clean
16663 clear
16664 cleat
16665 cleft
16666 clerk
21111 cliche
21112 click
21113 cliff
21114 climb
21115 clime
21116 cling
21121 clink
21122 clint
21123 clio
21124 clip
21125 clive
21126 cloak
21131 clock

The complete list contains 7776 short English words, abbreviations and easy-to-remember character strings. The average length of each word is about 4.2 characters. The biggest words are six characters long. The list is based on a longer word list posted to the Internet news group sci.crypt by Peter Kwangjun Suk. An alternative list, edited by Alan Beale, contains fewer Americanisms and obscure words. And there are lists for several other languages. You can also download the Diceware word list in PDF format or in PostScript format.
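The lookup procedure and the entropy figures discussed in this thread, as an added example that is not part of the original posts or the Diceware project. It uses part of the excerpt quoted above as its word list and takes dice rolls as input, since the randomness comes from the physical dice; the function names are illustrative assumptions.

```python
import math

# Part of the Diceware excerpt quoted in the post (the full list has 7,776 entries).
EXCERPT = """16655 clause
16656 claw
16661 clay
16662 clean
16666 clerk
21111 cliche
21112 click"""
LIST_SIZE = 6 ** 5  # five dice with six faces each give 7,776 possible keys


def parse_wordlist(text):
    """Map each five-digit dice key to its word, rejecting malformed keys."""
    words = {}
    for line in text.splitlines():
        key, word = line.split()
        if len(key) != 5 or any(c not in "123456" for c in key):
            raise ValueError(f"bad dice key: {key!r}")
        words[key] = word
    return words


def key_index(key):
    """Zero-based position of a dice key in the sorted list (the key read as base 6)."""
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)
    return index


def passphrase(rolls, words):
    """Look up one word per group of five physical dice rolls."""
    if len(rolls) % 5:
        raise ValueError("need exactly five rolls per word")
    keys = ["".join(map(str, rolls[i:i + 5])) for i in range(0, len(rolls), 5)]
    return " ".join(words[k] for k in keys)


def entropy_bits(choices, length):
    """Bits of entropy for `length` independent, uniform picks from `choices` options."""
    return length * math.log2(choices)


def words_needed(target_bits):
    """Smallest number of Diceware words that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(LIST_SIZE))
```

The entropy figure holds only when every word comes from fair dice rolls; words picked by hand from the list do not carry 12.9 bits each.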