Last week I posted my tests with Markov chains as memorable passphrase generators. This weekend I’m exploring some ideas for introducing more entropy into the resultant chains so they can be shorter and hopefully more memorable. In the midst of that I remembered something from my previous life doing crypto stuff: brute-force attacks on passwords can be made more difficult by using a key derivation function that performs some computationally expensive operation on the password to produce a cryptographic key.
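The trade-off mentioned above (a costlier key derivation lets the passphrase itself carry less entropy) can be made concrete. The following is an added example, not code from the original post: it uses PBKDF2-HMAC-SHA256 from Python's standard library as one such key derivation function, and the 80-bit target, the iteration count and the sample passphrase are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os


def derive_key(passphrase: str, salt: bytes, iterations: int, length: int = 32) -> bytes:
    """Stretch a passphrase into a key; each guess costs `iterations` HMAC calls."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=length
    )


def stretch_bits(iterations: int) -> float:
    """Extra brute-force work, in bits, relative to a single-iteration derivation."""
    return math.log2(iterations)


def required_passphrase_bits(target_bits: float, iterations: int) -> float:
    """Entropy the passphrase must supply so that entropy + stretching meets the target."""
    return max(0.0, target_bits - stretch_bits(iterations))


def verify(passphrase: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Re-derive and compare in constant time."""
    return hmac.compare_digest(derive_key(passphrase, salt, iterations), expected)


if __name__ == "__main__":
    iterations = 1 << 20           # assumed cost setting: about a million HMAC calls per guess
    target = 80                    # assumed attack-cost target, in bits
    salt = os.urandom(16)          # per-passphrase random salt defeats precomputed tables
    key = derive_key("constructed sample passphrase", salt, iterations)
    print("key:", key.hex())
    print("stretching contributes %.0f bits" % stretch_bits(iterations))
    print("passphrase must supply %.0f bits" % required_passphrase_bits(target, iterations))
    print("verifies:", verify("constructed sample passphrase", salt, iterations, key))
```

The stretching term only counts against an attacker who must run the same derivation per guess; it does not help a passphrase that appears in a guessing dictionary early on.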
The British didn’t invent strong abusive central government, but they seem intent on perfecting it. I just read this Cryptogram post about a new UK law that allows police to demand decryption keys in the course of an investigation, on pain of five years imprisonment. Not a moment too soon, apparently, as terrorists, child pornographers, drug dealers, and naughty dissident subjects are escaping police oversight using encryption technology.