IT’S GETTING EASIER to secure your digital privacy. iPhones now encrypt a great deal of personal information; hard drives on Mac and Windows 8.1 computers are now automatically locked down; even Facebook, which made a fortune on open sharing, is providing end-to-end encryption in the chat tool WhatsApp. But none of this technology offers as much protection as you may think if you don’t know how to come up with a good passphrase.

A passphrase is like a password, but longer and more secure. In essence, it’s an encryption key that you memorize. Once you start caring more deeply about your privacy and improving your computer security habits, one of the first roadblocks you’ll run into is having to create a passphrase. You can’t secure much without one.

For example, when you encrypt your hard drive, a USB stick, or a document on your computer, the disk encryption is often only as strong as your passphrase. If you use a password database, or the password-saving feature in your web browser, you’ll want to set a strong master passphrase to protect them. If you want to encrypt your email with PGP, you protect your private key with a passphrase. In his first email to Laura Poitras, Edward Snowden wrote, “Please confirm that no one has ever had a copy of your private key and that it uses a strong passphrase. Assume your adversary is capable of one trillion guesses per second.”

In this post, I outline a simple way to come up with easy-to-memorize but very secure passphrases. It’s the latest entry in an ongoing series of stories offering solutions - partial and imperfect but useful solutions - to the many surveillance-related problems we aggressively report about here at The Intercept.

It turns out, coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you’ll probably do a bad job of it. If you use an entirely random sequence of characters it might be very secure, but it’s also agonizing to memorize (and honestly, a waste of brain power).

But luckily this usability/security trade-off doesn’t have to exist. There is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. The method is called Diceware, and it’s based on some simple math.

Your secret password trick probably isn’t very clever

People often pick some phrase from pop culture - favorite lyrics from a song or a favorite line from a movie or book - and slightly mangle it by changing some capitalization or adding some punctuation or using the first letter of each word from this phrase. Some of these passphrases might seem good and entirely unguessable, but it’s easy to underestimate the capabilities of those invested in guessing passphrases.

Imagine your adversary has taken the lyrics from every song ever written, the scripts from every movie and TV show, the text from every book ever digitized and every page on Wikipedia, in every language, and used that as a basis for their guess list.

If you created your passphrase by just trying to think of a good one, there’s a pretty high chance that it’s not good enough to stand up against the might of a spy agency. For example, you might come up with “To be or not to be/ THAT is the Question?” If so, I can guarantee that you are not the first person to use this slightly mangled classic Shakespeare quote as your passphrase, and attackers know this.
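The math behind Diceware, worked against the one-trillion-guesses-per-second adversary from the Snowden quote. This is an added example, not code from the article: it relies on the standard Diceware layout (five dice rolls select one word from a 7,776-entry list), and the function names and the stand-in word list are constructed for illustration.

```python
import math
import secrets

DICE_PER_WORD = 5                  # Diceware: five six-sided dice pick one word
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 entries in a Diceware word list
GUESSES_PER_SECOND = 10 ** 12      # the "one trillion guesses per second" adversary
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def roll_key():
    """Return one word key such as '41356': five dice rolls from the OS CSPRNG."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))


def key_to_index(key):
    """Map a key '11111'..'66666' to 0..7775 by reading it as a base-6 number."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError(f"not a five-dice key: {key!r}")
    index = 0
    for c in key:
        index = index * 6 + (int(c) - 1)
    return index


def generate(wordlist, n_words):
    """Pick n_words independently and uniformly; repeated words are allowed."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold 7776 unique entries")
    return " ".join(wordlist[key_to_index(roll_key())] for _ in range(n_words))


def entropy_bits(n_words):
    """Entropy when the attacker knows the list and the length: n * log2(7776)."""
    return n_words * math.log2(LIST_SIZE)


def average_years_to_guess(n_words):
    """Expected search time: half the keyspace at the assumed guess rate."""
    return (LIST_SIZE ** n_words / 2) / GUESSES_PER_SECOND / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed stand-in list so this runs offline; a real passphrase needs
    # a published Diceware word list in its place.
    demo_list = [f"word{i:04d}" for i in range(LIST_SIZE)]
    print(generate(demo_list, 7))
    for n in (4, 5, 6, 7):
        print(n, round(entropy_bits(n), 1), f"{average_years_to_guess(n):.3g} years")
```

The strength comes entirely from the random selection, so the estimate holds even when the attacker has the word list and knows how many words were chosen.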