Re: Safe password?

From: "JP LR" <fake.address@xxxxxxxx>
Date: Mon, 26 Dec 2005 15:22:02 +0100

> >> > I use an encryption program that uses AES-256 as its encryption
> >> > algorithm but only allows passwords with a maximum length of 16
> >> > characters. Is it possible to create a safe password with only 16
> >> > characters for this encryption type?
> >>
> >>
> >> What character set is permitted?
> >> eans,
> >> If 96 characters are permitted and you choose them randomly then the
> > number
> >> of bits of entropy from your password can be calculated with this
simple
> >> formula.
> >>
> >> (ln (96^16)) / ln 2 or about 105 bits.
> >>
> >> --
> >> LTP
> >>
> >> :)
> >>
> >>
> >
> >
> > Hello
> >
> > I disagree, because you can use dictionnaries to attack your password.
> > 2000 words is enough to read a newspaper.
> > As words are 5 characters long on the average, there are 3 or 4 words in
a
> > 16 characters.
> > So the formula is more or less 2000^5, which is sghlitly more than 50
> > bits.
> > A far worse result than 105 bits.
> >
> > Indeed if you use rare words, you will probably need a 20,000 words
> > dictionnary which will give a key of 70 bits.
> >
> > To protect against dictionnary attacks, do not use spaces or take only
the
> > first letter of every words of a passphrase.
>
>
> What on earth are you talking about?
>
> I am talking about randomly generated characters - where did this talk of
> words come from?
>
> Do you think the only passwords in the world are sentences?
>
> --
> LTP
>
> :)
>
>

OK, you are right you were speaking of randomly generated characters.
So my comment is not adequate.

JP

.

Follow-Ups:
- Re: Safe password?
  - From: Carlos Moreno

References:
- Safe password?
  - From: paul_wary
- Re: Safe password?
  - From: Luc The Perverse
- Re: Safe password?
  - From: JP LR
- Re: Safe password?
  - From: Luc The Perverse

Prev by Date: Re: Defeating keyloggers with encrypted one time passwords (a patent spoiler?)
Next by Date: Re: SHA Collision Resistance
Previous by thread: Re: Safe password?
Next by thread: Re: Safe password?
Index(es):
- Date
- Thread

Relevant Pages

Re: French - Dictionnary attack
... characters are allowed, min and max length, etc). ... >>I am also looking for French specific dictionnaries that could help for this type of testing. ... >>Learn the hacker's secrets that compromise wireless LANs. ... >>WLAN by understanding these threats, ...
(Pen-Test)
Re: Safe password?
... >> I use an encryption program that uses AES-256 as its encryption ... >> characters for this encryption type? ... because you can use dictionnaries to attack your password. ... To protect against dictionnary attacks, do not use spaces or take only the ...
(sci.crypt)
Re: Safe password?
... >> If 96 characters are permitted and you choose them randomly then the ... >> number of bits of entropy from your password can be calculated with ... because you can use dictionnaries to attack your password. ... > To protect against dictionnary attacks, do not use spaces or take only the ...
(sci.crypt)
Re: Safe password?
... >>> characters for this encryption type? ... >> LTP ... because you can use dictionnaries to attack your password. ... > To protect against dictionnary attacks, do not use spaces or take only the ...
(sci.crypt)
Re: Safe password?
... Is it possible to create a safe password with only 16 ... >>> characters for this encryption type? ... because you can use dictionnaries to attack your password. ... >To protect against dictionnary attacks, do not use spaces or take only the ...
(sci.crypt)