"MisterE" <MisterE@nimga.com> wrote in
news:47b95473$0$17825$afc38c87@news.optusnet.com.a u:

>> Have a look at this page
>> http://world.std.com/~reinhold/diceware.html
>
>
> They recommend a key from 6^5^5=2.8*10^19 possibilities.

Please can you explain, in layman's terms, how this formula is derived?
Thanks.

Why wouldn't a 5 word diceware phrase be 7776^5?

> The key will
> be an average of 21 characters long consisting of 5 words. Firstly
> such a low possibility is suitable for 65 bit encryption at maximum.

"Decide how many words you want in your passphrase. A five word
passphrase provides a level of security much higher than the simple
passwords most people use. We recommend a minimum of six words for use
with Hushmail, wireless security and file encryption programs. A seven
word pass phrase is thought to make attacks on your passphrase infeasible
through 2033. For more information, see the Diceware FAQ."

> If you pick just 10 random keyboard characters you get more
> combinations. So i guess it comes down to what is easier to remember
> 10 random keys or 5 random words.

10 random characters isn't a "simple password" that "most people use", so
to compare that to the 5 word phrase is perhaps not fair.

Don't forget that most people would be lousy at picking randomly from the
keyboard, especially shift-keying.