X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/9e55cd457afb2e58007e96f54c82194334ef2266..f523d0d3b570f5d420b8659ab046d9282b500329:/doc/pubkey.but diff --git a/doc/pubkey.but b/doc/pubkey.but index 5a0346a1..f8490776 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but @@ -1,4 +1,4 @@ -\versionid $Id: pubkey.but,v 1.6 2001/09/25 19:59:14 simon Exp $ +\versionid $Id: pubkey.but,v 1.7 2001/11/25 16:57:45 simon Exp $ \# FIXME: passphrases, examples (e.g what does a key for pasting into \# authorized_keys look like?), index entries, links. @@ -126,12 +126,16 @@ meaningful comment may help you remember which passphrase to use! You should always enter a \e{Key passphrase} and \e{Confirm passphrase} to protect your keys. -\# FIXME: Mention a good length for a passphrase. (I think Schneier -\# said something about this on counterpane.com once.) - -\# In case people don't like the idea of exchanging a short password -\# typed every time for a longer passphrase typed every time, link -\# to the Pageant chapter. +(Choosing a good passphrase is difficult. Just as you shouldn't use +a dictionary word as a password because it's easy for an attacker to +run through a whole dictionary, you should not use a song lyric, +quotation or other well-known sentence as a passphrase. DiceWare +(\W{www.diceware.com}\cw{www.diceware.com}) recommends using at +least five words each generated randomly by rolling five dice, which +gives over 2^64 possible passwords and is probably not a bad scheme. +If you want your passphrase to make grammatical sense, this cuts +down the possibilities a lot and you should use a longer one as a +result.) Finally save the key by pressing the \e{Save} button. Do not close the window but proceed with step \k{pubkey-gettingready}, otherwise you
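Review bot: In the @@ -126,12 +126,16 @@ hunk, the deleted FIXME asking for a link to the Pageant chapter (for readers who dislike typing a longer passphrase every time) is dropped without the new paragraph adding that link, so the to-do is lost rather than resolved. Either end the new paragraph with a cross-reference to the Pageant chapter or keep that comment in place. In the same paragraph, "gives over 2^64 possible passwords" should say "passphrases" to match the surrounding text, and the figure is easier to verify if the arithmetic is spelled out: five dice select one of 6^5 = 7776 words, and five such words give 7776^5 = 6^25 combinations, which is a little above 2^64. The link target in \W{www.diceware.com} carries no URL scheme; consider giving it an explicit http:// prefix so it cannot be treated as a relative link in HTML output. Finally, the whole paragraph is wrapped in parentheses although it is the only guidance on passphrase strength in this section; it would read better as a normal paragraph.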