Re: Theoretical limits for password length
From: Gregory G Rose (ggr_at_qualcomm.com)
Date: 08/25/05
 Next message: Alan: "Re: Is symmetric key distribution equivalent to symmetric key generation?"
 Previous message: Paul Rubin: "Re: Nocona [Intel 64bit cpu timing]"
 In reply to: David Wagner: "Re: Theoretical limits for password length"
 Next in thread: David Wagner: "Re: Theoretical limits for password length"
 Reply: David Wagner: "Re: Theoretical limits for password length"
 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 25 Aug 2005 11:17:07 0700
In article <dej8q5$2mrm$2@agate.berkeley.edu>,
David Wagner <dawusenet@taverner.cs.berkeley.edu> wrote:
>Milan VXdgsvt wrote:
>>Let's have a perfect block cipher, with blocks of length N. The cipher
>>has a password of length P. An attacker gets to know K adjacent blocks
>>of plaintextciphertext, and has virtually unlimited computing power,
>>enabling a brute search of all passwords.
>>The question is, is there a cipher such that the attacker needs much
>>more than just P/N blocks?
>
>Short answer: No.
>
>Slightly longer answer: Once the entropy in the plaintext exceeds
>the entropy in the password, you're screwed.
ITYM "once the *redundancy* in the plaintext
exceeds the entropy in the password...".
Greg.
 Greg Rose 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C Qualcomm Australia: http://www.qualcomm.com.au
 Next message: Alan: "Re: Is symmetric key distribution equivalent to symmetric key generation?"
 Previous message: Paul Rubin: "Re: Nocona [Intel 64bit cpu timing]"
 In reply to: David Wagner: "Re: Theoretical limits for password length"
 Next in thread: David Wagner: "Re: Theoretical limits for password length"
 Reply: David Wagner: "Re: Theoretical limits for password length"
 Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
