Hi!<br><br>You want the passphrase to have at least as much entropy as the bit length of the symmetric key that is derived from it.<br><br>In theory, Grover’s quantum search algorithm could lower down the cost of searching the right passphrase from ~2^128 to (very) roughly ~2^64.<br><br>How to get higher entropy passphrase? You can have a longer passphrase, a longer dictionary (that is, more entropy per word), or both.<br><br>BIP 39 for example supports 128 to 256 bits of entropy per passphrase, iirc with 2048-word lists, thus longer passphrase for higher entropy, see<br><a href="https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki">https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki</a><br><br>Hope this clarifies!<br><br>Best,<br><br>JP<br><div class="gmail_quote"><div dir="ltr">On Fri, 10 Aug 2018 at 22:26, procmem <<a href="mailto:procmem@riseup.net">procmem@riseup.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi JP. Whonix dev here. We are currently discussing the best advice for<br>
generating strong passphrases for our users and so I wanted your advice<br>
on a few questions.<br>
<br>
According to The Intercept [0] using something like diceware is<br>
recommended and a 10 word passphrase has 128 bits of more than enough to<br>
stop the strongest adversaires for the forseeable future.<br>
<br>
The IAD/NIST [1] recommends using 256 bit encryption for AES. Does this<br>
translate into a need for 256 bit passphrases?<br>
<br>
I may be misunderstanding but cipher keylength =/= password entropy?<br>
<br>
Do quantum computers have implications for passphrase (not master key)<br>
bruteforcing?<br>
<br>
Now if it turns out I’m wrong the question becomes: how can a 10 word<br>
passphrase be easily enhanced to get as high entropy as possible without<br>
having to double its size?<br>
<br>
There is an option for diceware to sprinkle random characters in its<br>
output but I don’t know how much entropy bits it adds. Do you know?<br>
<br>
I CC'd our mailing list so ou reply can benefit our users. Thanks in<br>
advance.<br>
<br>
***<br>
<br>
[0]<br>
<a href="https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/" rel="noreferrer" target="_blank">https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/</a><br>
[1] <a href="https://www.keylength.com/en/compare/" rel="noreferrer" target="_blank">https://www.keylength.com/en/compare/</a><br>
</blockquote></div>