Talk:Passphrase

From Wikipedia, the free encyclopedia

Copyright

The second and third paragraphs seem to be an exact copy of the section "What is a passphrase?" from http://world.std.com/~reinhold/diceware.html. The copyright for that page states, in part, "The author hereby grants rights for free, non-commercial, electronic distribution, with attribution, of this entire text or just the Diceware word list.", with emphasis on entire.

You're right; in fact, the original version — as of 15:05, 27 Nov 2002 — is even more similar. I suggest we just merge the ideas into Password, as a pass phrase is just a type of password. — Matt 09:12, 6 May 2004 (UTC)
Matt, True enough. But not to users. Choosing a pass phrase is rather different than choosing a password, the security implications can be rather different, and so on. I would advocate cross links and two articles despite the conceptual identity from particular perspectives. Thoughts in response? ww 14:29, 7 May 2004 (UTC)
I don't see any major differences in concept. In both cases you avoid guessable passwords, try not to write it down on bits of paper and stick them on the monitor, and have a tension between entropy and memorability. A passphrase just has a special form. We already have the line "Passcode is sometimes taken to imply that the information used is purely numeric, such as the PIN commonly used for ATM access." in Password; why not append "A Passphrase is a long password, usually formed from a sequence of words."? — Matt 16:12, 7 May 2004 (UTC)
Matt, No conceptual difference, I agree. The precedent of passcode here is unconvincing. (Perhaps I should don a wig whilst pronouncing on questions of precedent, or at least judicial robes?) I like the 'tension between entropy and memorability' phrase, though. Nice job. The 'special form' of a pass phrase is sufficiently distinct, I think. Cross refs are certainly in order and your sentence would be quite appropriate in making the point of no conceptual difference. However, choosing a pass phrase is rather different than choosing a password or passcode and readers should, I think, learn of this. As it stands the article doesn't do a good job of covering this, nor does password. On my list of course......
The reason I argue for a separate article is not conceptual difference (as there is none in my view, nor in yours; nor anybody's I would imagine) but practical difference to users. I think enough difference to justify 2 articles. ww 18:13, 8 May 2004 (UTC)
I just looked carefully at the above discussion, which took place before I started editing here, and realized someone could infer a possible copyright problem with this article. I am the owner of http://world.std.com/~reinhold/diceware.html and I hereby give retroactive permission under GFDL for whatever use was made of it by Wikipedia.--agr 12:19, 20 March 2007 (UTC)

passphrases in PGP

Why are there passphrases in OpenPGP, when there already is a private key? --Abdull 22:41, 5 October 2005 (UTC)

The passphrase is used to encrypt the private key so someone else who gains access to your private key file cannot use it, assuming you have a strong passphrase and the attacker can't employ a keyboard logger or acoustic cryptanalysis or other means to discover your passphrase. --agr 23:13, 5 October 2005 (UTC)

IT context vs. mainstream usage?

I had never encountered this word — "passphrase" — till just now. What I need is to describe a multi-word (i.e. sentence) "password" used for mutual identification of underground operatives in clandestine meetings. Is "passphrase" appropriate for usage in mainstream contexts, or does it meanwhile remain strictly in Information Technology usage, as the page seems to indicate? -- Thanks, Deborahjay 09:20, 20 March 2007 (UTC)

I think it's only used in relation to computing, its goal being to emphasize the strength of one's passwords. The reason is that computers are capable of systematically trying a large number of passwords by brute force, whereas this is simply not possible when trying to identify yourself to a human being. While remote systems can analogously detect brute force attempts, protecting local storage in this manner is simply not reliable, if your threat model includes the attackers gaining access to this data. Hence the need to protect your important data with a "phrase", and not just a "word". -- intgr 09:53, 20 March 2007 (UTC)
The term was invented in 1981 by Sigmund N. Porter (A Password Extension for Improved Human Factors, Advances in Cryptology: A Report on CRYPTO 81, Allen Gersho, editor, volume 0, U.C. Santa Barbara Dept. of Elec. and Computer Eng., Santa Barbara, 1982. Pages 81--81. Also in Computers & Security, Vol. 1. No. 1, 1982, North Holland Press.) [1]. So if you're looking for authentic spy lingo for a novel, it probably won't do. If you are writing a paper, there is no reason not to use the word if it suits.
By the way, remote systems cannot detect brute force attempts, in general, because of the way many systems pass credentials in the form of a hashed password. These can be attacked off-line at very high speeds.--agr 11:57, 20 March 2007 (UTC)