Re: Theoretical limits for password length

From: Gregory G Rose (
Date: 08/25/05

Date: 25 Aug 2005 11:17:07 -0700

In article <dej8q5$2mrm$>,
David Wagner <> wrote:
>Milan VXdgsvt wrote:
>>Let's have a perfect block cipher, with blocks of length N. The cipher
>>has a password of length P. An attacker gets to know K adjacent blocks
>>of plaintext-ciphertext, and has virtually unlimited computing power,
>>enabling a brute search of all passwords.
>>The question is, is there a cipher such that the attacker needs much
>>more than just P/N blocks?
>Short answer: No.
>Slightly longer answer: Once the entropy in the plaintext exceeds
>the entropy in the password, you're screwed.

ITYM "once the *redundancy* in the plaintext
exceeds the entropy in the password...".


Greg Rose
232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
Qualcomm Australia:

Relevant Pages

  • Re: Key entropy, stream entropy, block entropy, block population entropy AKA uniique stream length
    ... the original KEY so both parties can generate the stream. ... If you are expanding the key without "any extra entropy" it must ... I do not know any cipher there it would make sense for this not to be ...
  • Re: Encryption key length (RC4 and Blowfish)
    ... >there was an eavesdropping attacker, ... >with anyone breaking the cipher but solely whether you can distinguish ... >>CBC is a method, and has no entropy at all. ...
  • Re: Encyption of two 256-blocks
    ... Moreover, there's no key, so it can't be a cipher. ... Any number of rounds can then be unwound as will. ... the saturation limits the amount of entropy that can be stirred together. ... After encryption Blockhas an apparent entropy of 1 ...
  • Re: A question on an article dealing with pass phrase and keys
    ... entropy somewhere. ... They can be broken by bruteforce, ... cipher, let us call this part analyse of cipher structure for example ... you must go through the complexity of the hash to find out the ...
  • Re: True Random Number Generator
    ... Let A be the clause that a cipher does not provide perfect security. ... Let B be the clause that a cipher output does not have full entropy. ... you put in 10 Shannons of entropy with the plaintext, ...