XPost: comp.mobile.android, alt.internet.wireless   
   From: rjk@greenend.org.uk   
      
   Mike Yetto  writes:   
   > So it is writ by Richard Kettlewell ,   
   > so mote it be.   
   >> Mike Yetto  writes:   
   >>> As for the pass-phrase, yes it should be at least as strong as   
   >>> needed in every case where a pass-phrase/password is used.   
   >   
   >> But how strong is “as needed”?  (Assuming a unique SSID...)   
   >   
   > This depends entirely on your particular threat model.   
      
   That’s why I gave a quantitative approach for translating estimated   
   attacker capabilities into an answer, which doesn’t seem to have   
   survived your editing.   
      
   > I you live in an area where the houses are 400 ft apart then "Do not   
   > crack this pass-phrase." might be enough as you would spot someone   
   > parked in your driveway while trying to log in.   
   >   
   > If you store data that is worth much to anyone who can get it   
   > then something like "`<~l2-G{V2Q z_N'$XL5", with 132 bits of   
   > entropy, might be a better choice. No one will spend the weeks   
   > necessary to crack such a pass-phrase just to gather marketing   
   > information.   
      
   “Weeks” is just a teeny bit of an underestimate here!   
      
   --   
   http://www.greenend.org.uk/rjk/   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)