Re: Crypto Question

From: Francisco Andrades (fandrades_at_nextj.com)
Date: 11/07/03

    Date: Fri, 07 Nov 2003 15:10:36 -0400
    To: "McGill, Lachlan" <mcgilll1@anz.com>
    
    

    McGill, Lachlan wrote:
    > Am I right in assuming that an encrypted file/email is only as secure as the passphrase used for the private key? i.e. If I use the passphrase 'password' then does it become irrelevant what key size I use to encrypt the data?

    That depends on the scheme you are trying to implement. When you use PBE
    (Password Based Encryption) the password you enter is used as a fixed
    parameter for generating a random symmetric key. If you repeat the same
    process using the same password and the same algorithm (most
    implementations also use a random padding and an iteration count) you
    will always get the same "random" symmetric key.

    When choosing the algorithm to use you can also choose the length of the
    generated key. You then have three variables that define how strong
    your encryption scheme is:

    1.- The length of the generated symmetric key.
    2.- The selected algorithm
    3.- The selected password

    If the length of the symmetric key is really small then it can be brute
    forced. If the algorithm selected is weak then it can be brute forced.
    If you leave a copy of your password on a post-it note on your monitor
    then your data is as good as plain text.

    Your data is only as secure as the weakest component in your security
    scheme. A strong password but small key size is as good as a semi-weak
    password (no dictionary) and good key size.

    -- 
    Francisco Andrades Grassi
    www.nextj.com
    Tlf: +58-414-125-7415
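
The point made in the message above, as an added example that is not part of the original post: a password-derived key is deterministic, and the cost of breaking the scheme is bounded by the cheaper of searching keys or guessing passwords. PBKDF2-HMAC-SHA256 stands in for the PBE algorithm (the post names none); the wordlist, its size and the entropy estimate are constructed approximations.

```python
import hashlib
import math
import string

# Constructed values for illustration; not from the original message.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}
WORDLIST_SIZE = 1_000_000  # assumed size of a guessing dictionary


def derive_key(password: str, salt: bytes, iterations: int, key_bytes: int) -> bytes:
    """PBE key derivation: identical inputs always yield the identical key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=key_bytes)


def password_bits(password: str) -> float:
    """Rough upper bound on the guessing entropy of a password, in bits."""
    if not password:
        return 0.0
    if password.lower() in COMMON_PASSWORDS:
        return math.log2(WORDLIST_SIZE)  # falls to a dictionary pass
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10)]
    alphabet = sum(size for chars, size in classes
                   if any(c in chars for c in password))
    if any(c not in string.ascii_letters + string.digits for c in password):
        alphabet += 33  # printable ASCII symbols, including space
    return len(password) * math.log2(alphabet)


def effective_bits(password: str, iterations: int, key_bytes: int) -> float:
    """Attack cost in bits: the cheaper of searching keys or guessing passwords.
    Each password guess costs `iterations` hash rounds, adding log2(iterations)."""
    key_search = key_bytes * 8
    password_search = password_bits(password) + math.log2(iterations)
    return min(key_search, password_search)


if __name__ == "__main__":
    salt = bytes(range(16))  # fixed only to show determinism; use os.urandom(16) in practice
    k1 = derive_key("password", salt, 100_000, 32)
    k2 = derive_key("password", salt, 100_000, 32)
    print("same inputs, same key:", k1 == k2)
    for pw, kb in [("password", 16), ("password", 32), ("k7#Qm2!vXp9&Lz4w", 5)]:
        print(f"{pw!r:22} {kb * 8:3}-bit key -> ~{effective_bits(pw, 100_000, kb):.1f} bits")
```

With the passphrase 'password' the 128-bit and 256-bit keys report the same effective strength, while the long random password paired with a 40-bit key is capped at 40 bits.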