Re: Newbie question on encryption keys
- From: Ari <arisilverstein@xxxxxxxxx>
- Date: Wed, 11 Jul 2007 14:47:04 -0400
On Tue, 10 Jul 2007 09:15:03 +0000 (UTC), Mark Shroyer wrote:
No, you shouldn't need to enter a 32-character password (although I
can't say for sure because you still haven't specified what software
you're talking about :) ). What usually happens is that the 256-bit
symmetric key is generated as some hash of whatever password you
provide. The longer and more random the password (until you get
past 32 random ASCII characters, anyway), the more entropy in your
256-bit AES key and therefore the more theoretically secure it is --
but in practice a dozen or so characters should be all the entropy
you need, depending on the quality of your software's hash algorithm
and how sensitive your data is.
Mark, nice job with the answers, noobs often get handed their asses
here.
Is it fair to say that if you used a passphrase such as:
6:Q?-jiF
Then repeated it to make a 16 character passphrase, under attack to
break, that you haven't gained much entropy or protection? My thinking
is that a powerful adversary would have a passphrase breaking program
that would constantly search for replication.
.
- Follow-Ups:
- Re: Newbie question on encryption keys
- From: Ertugrul Soeylemez
- Re: Newbie question on encryption keys
- From: Mark Shroyer
- Re: Newbie question on encryption keys
- References:
- Newbie question on encryption keys
- From: rohanm79
- Re: Newbie question on encryption keys
- From: Mark Shroyer
- Re: Newbie question on encryption keys
- From: rohanm79
- Re: Newbie question on encryption keys
- From: Mark Shroyer
- Newbie question on encryption keys
- Prev by Date: Re: My PC was hit with lightning and now Microcenter is looking at it.
- Next by Date: Re: My PC was hit with lightning and now Microcenter is looking at it.
- Previous by thread: Re: Newbie question on encryption keys
- Next by thread: Re: Newbie question on encryption keys
- Index(es):
Relevant Pages
|
|
