Penetration Testing mailing list archives
Re: Cryptographic Functions
From: "M.D.Mufambisi" <mufambisi () gmail com>
Date: Wed, 19 Aug 2009 08:37:15 +0200
I understand now. The digest I sent earlier is in HEX and it contains 40 characters. So this is 16^40 which is equal to 2^160. So yeah, I understand that bit now.

Going back to the earlier question on bits.....it was linked to the information theory and Shannon's entropy. When they say English has an entropy of 1.1 bits....what does that mean? Is high or low entropy desirable? An example would be good.

Thanks people.

On 8/19/09, M.D.Mufambisi <mufambisi () gmail com> wrote:

Ok. Thanks. I have an SHA-1 hash of a file and the digest is DA39A3EE5E6B4B0D3255BFEF95601890AFD80709. Is this 160 bit? How does the output map to 160 bits?

On 8/18/09, Shailesh Rangari <shailesh.sf () gmail com> wrote:

Hi Munyaradzi,

On Tue, Aug 18, 2009 at 2:02 PM, Jeffrey Walton <noloader () gmail com> wrote:

Hi Munyaradzi,

When a passphrase is used as a key in symmetric cryptography, how does the pass phrase map to the key in an algorithm like AES

The passphrase should be derived using a KDF. KDFs include salts and iteration counts. Quite a few bodies offer guidance on KDFs - NIST, RFC, IETF, and ANSI to name a few.

how many letters correspond to 1 bit?

Don't know what you are asking here. The KDF should provide sufficient 'mixing' such that no information can be gained from 1 bit of output (either 1 or 0 is equally probable). Otherwise, it's not a very good KDF.

I second that. Also, assuming that a strong Hash Function is being used, then it is difficult to ascertain how many letter(s) would correspond to 1 bit - for one of the essential properties of a Hash Function is that it takes in an 'Arbitrary' length of input (key, passphrase, message, etc) and converts it into a 'Unique', 'Fixed' length output (hash). A Key Len of 128, 256, 512 Bit if hashed with SHA-1, then the output would necessarily be 160 Bits only.

Jeff

On 8/18/09, M.D.Mufambisi <mufambisi () gmail com> wrote:

Hello people.

1. When a passphrase is used as a key in symmetric cryptography, how does the pass phrase map to the key in an algorithm like AES? ie....how many letters correspond to 1 bit? etc?

Regards
Munyaradzi Mufambisi
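Added example, not part of the original thread: the three points discussed above (hex digest length in bits, a passphrase stretched to an AES key by a KDF, and bits of entropy per character) worked through in Python. The function names, the choice of PBKDF2-HMAC-SHA256, the iteration count and the sample passphrase are assumptions made for this illustration.

```python
import hashlib
import math
import os
from collections import Counter

# Digest quoted in the thread; it is the SHA-1 of zero bytes of input.
PAGE_DIGEST = "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709"

def digest_bits(hex_digest: str) -> int:
    """One hex character carries 4 bits (16 == 2**4), so 40 chars -> 160 bits."""
    return len(bytes.fromhex(hex_digest)) * 8

def derive_aes_key(passphrase: str, salt: bytes, iterations: int = 600_000,
                   key_len: int = 32) -> bytes:
    """Stretch a passphrase of any length into a fixed-size AES key.
    PBKDF2-HMAC-SHA256 and the iteration count are choices made for this example."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, key_len)

def char_entropy(text: str) -> float:
    """Shannon entropy in bits per character, computed from this text's own
    character frequencies only (context between letters is ignored)."""
    n = len(text)
    return sum(c / n * math.log2(n / c) for c in Counter(text).values())

def passphrase_bits(passphrase: str, bits_per_char: float = 1.1) -> float:
    """Rough unpredictability of an English passphrase, using the 1.1 bits per
    character figure quoted in the thread. A KDF cannot raise this number."""
    return len(passphrase) * bits_per_char

if __name__ == "__main__":
    phrase = "the quick brown fox jumps"   # constructed sample passphrase
    salt = os.urandom(16)                  # random salt, stored beside the ciphertext
    key = derive_aes_key(phrase, salt)
    print("digest bits      :", digest_bits(PAGE_DIGEST))
    print("AES key bits     :", len(key) * 8)
    print("bits/char (freq) :", round(char_entropy(phrase), 2))
    print("estimated secret :", round(passphrase_bits(phrase), 1), "bits")
```

The derived key is always 256 bits long, but an attacker guessing passphrases only has to search the much smaller space that the passphrase itself was drawn from, which is why higher entropy in the passphrase is what matters.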