panthema / 2009 / cryptote / helpdoc / aboutencryption

About Encryption

Weak Passwords
Advice on Choosing a Password
Measures of Security


Weak Passwords

Much advice is given by different people about choosing a good password. Following that advice is often difficult, and it is commonly ignored. This help tutorial suggests a simple method to keep your sensitive login information secure.

First: do not think of passwords, rather think of passphrases. No encryption program can keep your data safe if you set the password to a plain English word or, even worse, some word connected with your surroundings or identity. There are many lists of bad but nevertheless frequently used passwords on the Internet: try searching for "top 100 passwords" for some amusement.

Confronted with having to choose a longer passphrase, most people will want to write it down. The next bad thing to do is to keep the slip of paper directly at the computer. Do not do this!

To give an idea of a good password: consider that Serpent uses 256 keybits, that is, 256 bits of random information. An average English text has only 1.0 to 1.5 keybits per letter.

So this whole sentence corresponds to only about 51 keybits!

The keybits (that is, the entropy rate) can be increased by using names, special symbols and other non-natural-language elements. A randomly chosen lower- or uppercase letter has 5.7 keybits.


Advice on Choosing a Password

My method for learning a new password is very simple: I use the random password generator built into CryptoTE and generate a string of random letters. I never include z or y in the password because they are swapped between the German and English keyboard layouts.

Depending on the purpose, I use only lowercase characters and choose an appropriate password length: the generator shows you the theoretical keybits of the password. Adapt the length to your needs.

My container password is about 25 upper- and lowercase letters. That is 139.6 keybits, a lot better than a simple sentence. Something like this: DUWHmnBunfVQNUeCdQxpHHdIJ

You think you cannot learn 25 random letters? Try it! Your memory is far better than you think. Learn it by frequent repetition:

I use CryptoTE daily to fetch some passwords, and it always requires you to enter the password. Through this repetition you too will quickly learn your random letters. For the first week or so you can write the letters down on paper, but keep that paper slip safe! My favorite place: my wallet. After two weeks: burn it.

If you think 25 letters is far too many: try starting with ten, e.g. rZl2jXybem. That is already 57 keybits.
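The keybit arithmetic above (5.7 keybits per random letter, 139.6 for 25 letters without y/z, 1.0 to 1.5 per letter of English) and the generator method can be reproduced with a few lines of Python. This is an added example, not CryptoTE's own generator code; the function names and the `LETTERS_NO_YZ` alphabet are assumptions chosen to mirror the author's habit of leaving out z and y, and it uses the operating system's CSPRNG via the `secrets` module.

```python
import math
import secrets
import string

ALL_LETTERS = string.ascii_letters
# Hypothetical alphabet mirroring the author's rule: drop y and z because they
# swap places between the German (QWERTZ) and English (QWERTY) layouts.
LETTERS_NO_YZ = "".join(c for c in ALL_LETTERS if c not in "yzYZ")

SERPENT_KEY_BITS = 256                 # key size the page compares against
ENGLISH_BITS_PER_LETTER = (1.0, 1.5)   # entropy estimate quoted on the page


def keybits(length: int, alphabet: str) -> float:
    """Theoretical entropy of `length` symbols drawn uniformly from `alphabet`:
    length * log2(number of distinct symbols)."""
    distinct = len(set(alphabet))
    if length < 1 or distinct < 2:
        raise ValueError("need at least one symbol and two distinct alphabet characters")
    return length * math.log2(distinct)


def generate_password(length: int, alphabet: str = LETTERS_NO_YZ) -> str:
    """Draw each symbol with secrets.choice (CSPRNG), never random.choice."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def length_for_bits(target_bits: float, alphabet: str) -> int:
    """Smallest password length whose theoretical keybits reach `target_bits`."""
    return math.ceil(target_bits / math.log2(len(set(alphabet))))


def english_sentence_bits(sentence: str) -> tuple:
    """Rough entropy range of a natural-language passphrase, counting letters only."""
    letters = sum(ch.isalpha() for ch in sentence)
    lo, hi = ENGLISH_BITS_PER_LETTER
    return (letters * lo, letters * hi)


if __name__ == "__main__":
    pw = generate_password(25)
    print(pw, f"{keybits(len(pw), LETTERS_NO_YZ):.1f} keybits")       # 139.6
    print("10 upper/lowercase letters:", f"{keybits(10, ALL_LETTERS):.1f} keybits")  # 57.0
    print("letters (no y/z) needed to match Serpent:", length_for_bits(SERPENT_KEY_BITS, LETTERS_NO_YZ))
    print("sample sentence:", english_sentence_bits("So this whole sentence corresponds to only about 51 keybits"))
```

Dropping y and z shrinks the alphabet from 52 to 48 symbols, which is why 25 letters come out at 139.6 keybits rather than the 142.5 a full 52-letter alphabet would give; matching Serpent's 256-bit key outright would take 46 such letters.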


Measures of Security

CryptoTE can keep your text safe, but you must consider the suitability of encryption for your purpose. Against whom are you keeping your passwords safe?