Re: encryption



André G. Isaak wrote:

> I was just wondering whether 128-bit encryption offers any security
> advantages over 64-bit encryption if one chooses a password which is 8
> (randomly chosen) characters or less? Does one require a 16 character
> password to take full advantage of 128-bit encryption?

If an attacker knows for certain that your password is exactly 8 ASCII
characters (say limited to letters and digits) then the search space for
the password is 62^8 which is about 100000 times smaller than 2^64 (the
search space for going direct instead of the password). So, yes, in
that case the password would be the weak point.

I don't think that AES supports anything under 128 bits. But even if it
did the time gain for using 64 bit would be negligible.

For many systems the password is the weak point. And some have argued
that it will always be that way because of the nature of what people can
keep in their heads. But that's fine. If my password or passphrase is
stronger than the encryption system, I would consider the encryption
system way too weak.

For very high security things, people are encouraged to use "pass
phrases". One of my pass phrases has more than 15 characters, including
letters, numbers, punctuation. It is also not a phrase that has ever
been written down by anyone (you won't find it in a quotation dictionary
or in any corpus in any language). It is memorable (to me) and it is
one of a small handful that I've committed to memory.

My gazillions of others are (mostly) auto-generated, hard to remember,
and kept in a Keychain-like system. I do have some that are pretty weak
passwords, but I'm slowly resetting those to stronger ones.

On the whole, passwords are a real problem. And I'd encourage everyone
to use a Keychain or some other mechanism for generating and keeping
passwords that aren't easy to remember.

-j

--
Jeffrey Goldberg http://www.goldmark.org/jeff/
I rarely read top-posted, over-quoted or HTML posts
My Reply-To address is valid.
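
Added example, not part of the original post: the search-space comparison from the reply, carried through for both key sizes in the question, assuming every character is chosen uniformly at random. The function names and the 95-character printable-ASCII alphabet are assumptions made for illustration.

```python
import math

def search_space(alphabet_size, length, exact=True):
    """Candidate passwords of exactly `length` chars, or of 1..length chars."""
    if exact:
        return alphabet_size ** length
    return sum(alphabet_size ** n for n in range(1, length + 1))

def entropy_bits(alphabet_size, length, exact=True):
    """Size of the password search space expressed in bits."""
    return math.log2(search_space(alphabet_size, length, exact))

def min_length_for(key_bits, alphabet_size):
    """Shortest random password whose search space reaches 2**key_bits."""
    length = 1
    while alphabet_size ** length < 2 ** key_bits:
        length += 1
    return length

def effective_bits(key_bits, alphabet_size, length):
    """The smaller of the two spaces (keys or passwords) sets the strength."""
    return min(key_bits, entropy_bits(alphabet_size, length))

def report():
    """One row per (alphabet, key size): strength with 8 chars, length needed."""
    rows = []
    for name, size in (("letters+digits", 62), ("printable ASCII", 95)):
        for key_bits in (64, 128):
            rows.append((name, key_bits,
                         round(effective_bits(key_bits, size, 8), 1),
                         min_length_for(key_bits, size)))
    return rows

if __name__ == "__main__":
    ratio = 2 ** 64 / search_space(62, 8)
    print(f"2^64 / 62^8 = {ratio:,.0f}")
    gain = entropy_bits(62, 8, exact=False) - entropy_bits(62, 8)
    print(f"'8 or fewer' adds only {gain:.3f} bits over 'exactly 8'")
    for name, key_bits, eff, need in report():
        print(f"{name:16s} {key_bits:3d}-bit key: 8 chars give {eff} bits, "
              f"{need} chars needed to match the key")
```

Sixteen characters match a 128-bit key only if each character carries a full 8 bits; with typeable alphabets the required length is longer.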