Re: Simple cipher program help

From: Benjamin Goldberg (goldbb2_at_earthlink.net)
Date: 04/29/03 

Date: Tue, 29 Apr 2003 14:01:44 -0400

John E. Hadstate wrote:
>
> Paul wrote:
[snip]
> > How many characters would the key have to be if input was from a
> > keyboard - 8?
>
> Yes, 8. But realize that input from a keyboard will be typically
> US-ASCII and the character encodings will *always* have the high-order
> bit cleared.
> This reduces by half the size of the keyspace you can create. (Yes I
> know; there's *that* trick, but who remembers it?)

Actually, since you're losing the high-order bit from each of 8 chars,
you're reducing the keyspace by 1/256th, not by a mere half.

Of your now 56-bit keyspace, it's reduced even further, since many bytes
are not printable characters (the first 32). This leaves 96 possible
values (about a 6.58 bit keyspace) for each of 8 letters, giving us a
keyspace which is just under 53 bits.

IIRC, it's possible for 56-bit DES to be broken by brute-force in about
3 hours.

If a single encryption operation with this new cipher takes as long as a
single DES encryption, then, using 8 keyboard chars for the key to this
cipher would mean that a brute force break takes 1/10th as long as brute
forcing DES. In other words, about 18 minutes. Even less, if one takes
into account the fact that letters are unlikely to be used in an evenly
distributed manner.

Whereas, if you used 8 *truly random* bytes, (and a single encrypt takes
as long as a single DES encrypt), then it would take 256 times *longer*
to brute force... or 32 days. 

-- 
$a=24;split//,240513;s/\B/ => /for@@=qw(ac ab bc ba cb ca
);{push(@b,$a),($a-=6)^=1 for 2..$a/6x--$|;print "$@[$a%6
]\n";((6<=($a-=6))?$a+=$_[$a%6]-$a%6:($a=pop @b))&&redo;}

Relevant Pages

  • Re: Safe password?
    ... > I use an encryption program that uses AES-256 as its encryption ... > characters for this encryption type? ... The keyspace, expecially in the second case, would be far from the one ... collision resistent hash) to a random key of the length you desire; ...
    (sci.crypt)
  • Re: Safe password?
    ... >> I use an encryption program that uses AES-256 as its encryption ... >> characters for this encryption type? ... >keyspace, however this fact alone is not a mandatory reason to "reduce" ... >collision resistent hash) to a random key of the length you desire; ...
    (sci.crypt)
  • Re: Question about bit strength
    ... the size of the keyspace and has nothing at all to do with how much data ... the rest are defined via a prng. ... several keys of 64-4096 characters, only the first 8-64 characters are ...
    (sci.crypt)