Re: md5 collisions and speeding tickets

From: Unruh (unruh-spam_at_physics.ubc.ca)
Date: 08/20/05 

Date: 19 Aug 2005 23:14:43 GMT

Kristian Gjøsteen <kristiag+news@item.ntnu.no> writes:

><Crypto@S.M.S> wrote:
>>He claims to be able to determine
>>the pass phrase used as input to an MD5, where the hash will be used
>>as an encryption key.

>How difficult is it to understand the following argument? The
>passphrase has roughly 20 bits of entropy. This makes a search
>through all possible passphrases possible. That search can be
>performed in "about an hour".

Well, I would dispute that the i 20 character passphrase has only 20 bits of entropy. And
I would dispute that an exhaustive list of those 20bit entropy strings can
be efficiently constructed. Both are needed for the exhaustive search
attack.

>Anyone with half a clue about cryptography knows that the only
>interesting way to counter that argument is to claim that the
>passphrase will have more than 20 bits of entropy.

Or that it is hard to find the exhaustive set containing that 20 bits of
entropy. ("English phrase " is a very amorphous concept).
Are there more than 2^20= a million English phrases with 20 characters in
them? Almost certainly yes. Take your random book. make a list of all
possible unique 20 adjacent character strings in that book. I would
strongly suspect the number to be more than 1000000.
(There are for example 4000= 2^12 different adjacent three letter combinations and
2^14 different four letter combinations in Shackelton's account of his
Polar voyage. I doubt strongly that twenty letter combinations number only
100 times as many. And he definitely wrote English.)

Relevant Pages

  • Re: Should be in crypto for criminals Re: just stupid?
    ... > brute force the pass phrase at all, you can brute force it to obtain ... passphrases by making it so that only one passphrase needs to be remembered ... passphrases are pathetically low in entropy. ... > That's not the pass phrase generator. ...
    (sci.crypt)
  • Re: Should be in crypto for criminals Re: just stupid?
    ... >>brute force the pass phrase at all, you can brute force it to obtain ... > passphrases by making it so that only one passphrase needs to be remembered ... >>the design considerations for CryptoSMS is that it leave ... > passphrases are pathetically low in entropy. ...
    (sci.crypt)
  • Re: Should be in crypto for criminals Re: just stupid?
    ... > I believe it was Wagner that described forward secrecy in that way, ... But searching out the pass phrase used to generate the key defeats ... > Properly implemented it allows each user to pick a single high entropy ... > passphrase, which will itself prevent the searching from being effective. ...
    (sci.crypt)
  • Re: md5 collisions and speeding tickets
    ... > passphrase has roughly 20 bits of entropy. ... It has been shown repeatedly that the pass phrase has more than 20 bits ... > passphrase will have more than 20 bits of entropy. ... SO in other words, MD5 can not be reversed in an hour, unless you ...
    (sci.crypt)
  • Re: Are PassPhrases Secure Enough?
    ... The problem with passphrases is that they has near to natural language ... Entropy is a measure of information uncertainty ... I.e. each extra byte you add to your passphrase ... to break as your passphrase of size more than 50 chars. ...
    (microsoft.public.dotnet.security)
Quantcast