XPost: comp.mobile.android, alt.internet.wireless   
   From: unet.lighthouse@xoxy.net   
      
   So it is writ by Richard Kettlewell ,   
   so mote it be.   
   > Mike Yetto  writes:   
   >> So it is writ by Richard Kettlewell ,   
   >> so mote it be.   
   >>> Mike Yetto  writes:   
   >>>> As for the pass-phrase, yes it should be at least as strong as   
   >>>> needed in every case where a pass-phrase/password is used.   
   >>   
   >>> But how strong is “as needed”?  (Assuming a unique SSID...)   
   >>   
   >> This depends entirely on your particular threat model.   
      
   > That’s why I gave a quantitative approach for translating estimated   
   > attacker capabilities into an answer, which doesn’t seem to have   
   > survived your editing.   
      
   >> I you live in an area where the houses are 400 ft apart then "Do not   
   >> crack this pass-phrase." might be enough as you would spot someone   
   >> parked in your driveway while trying to log in.   
   >>   
   >> If you store data that is worth much to anyone who can get it   
   >> then something like "`<~l2-G{V2Q z_N'$XL5", with 132 bits of   
   >> entropy, might be a better choice. No one will spend the weeks   
   >> necessary to crack such a pass-phrase just to gather marketing   
   >> information.   
      
   > “Weeks” is just a teeny bit of an underestimate here!   
      
   s/the weeks necessary/until the heat death of the universe/   
      
   Mike "slightly less of an overestimate?" Yetto   
   --   
   "Science has taught me (Science warns me) to be careful how I adopt a   
   view which jumps with my preconceptions, and to require stronger   
   evidence for such belief than for one to which I was previously hostile.   
   My business is to teach my aspirations to conform themselves to fact,   
   not to try and make facts harmonize with my aspirations."   
    - Thomas Huxley   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)