Penetration Testing mailing list archives

Re: Cryptographic Functions


From: Jan Schejbal <jan.mailinglisten () googlemail com>
Date: Wed, 19 Aug 2009 23:07:57 +0200

On 18.08.2009 17:50, M.D.Mufambisi wrote:
> 1. When a passphrase is used as a key in symmetric cryptography, how does
> the passphrase map to the key in an algorithm like AES? i.e. how
> many letters correspond to 1 bit? etc?

First, the password (arbitrary length) has to be turned into a key, which is usually done using a hash function (or a more complex function, which however uses a hash function most of the time). The output of the function has a fixed length, so no matter if you put 1 character or 1000 characters into it, it will still output, say, 128 bits. This is only the length, not the randomness, however!

The security of the password depends on how much randomness (entropy) it contains. The more, the better. If the password contains more than 128 bits (for AES-128) of entropy, however, the entropy is reduced by the hash function.

The information that English has 1.1 bits of entropy per character means that if you have a 30-letter passphrase consisting of plain English, it is not very secure (it can be guessed), since English allows only certain combinations of letters and some of them are less probable than others.

If, however, you use a mix of 15 characters selected randomly from all lower- and uppercase letters and numbers, you get
62^15 equally probable combinations, which equals approximately
2^89 -> 89 bits of entropy (secure enough in most cases)

At least that's how I understand it. Please correct me if I am wrong!


Regards
Jan

--
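The two points in the reply above (a key-derivation function always emits a fixed-length key, but the entropy behind that key is bounded by the passphrase, and 62^15 works out to roughly 2^89) can be checked numerically. The following is an added illustration, not code from the list post. It assumes PBKDF2-HMAC-SHA256 from Python's standard library as the "hash function or more complex function" the reply mentions, and uses constructed sample passphrases and a 1.1 bits-per-character estimate for English text.

```python
import hashlib
import math

# Constructed sample inputs for illustration only.
SHORT_PASSPHRASE = "a"
LONG_PASSPHRASE = "plain english prose repeated many times " * 25  # about 1000 characters
SALT = b"constructed-fixed-salt-for-demo"


def derive_key(passphrase: str, salt: bytes, key_bits: int = 128,
               iterations: int = 100_000) -> bytes:
    """Map an arbitrary-length passphrase to a fixed-length key.

    Uses PBKDF2-HMAC-SHA256 (assumption: any password-based KDF behaves the
    same way for this point). The output is always key_bits long, whether the
    input is 1 character or 1000; the function adds length, never entropy.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=key_bits // 8)


def random_password_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password chosen uniformly from alphabet_size**length
    equally probable combinations: log2(alphabet_size**length)."""
    return length * math.log2(alphabet_size)


def english_passphrase_entropy_bits(length: int, bits_per_char: float = 1.1) -> float:
    """Rough entropy of a natural-language passphrase, using the per-character
    estimate quoted in the thread (1.1 bits per character of English)."""
    return length * bits_per_char


def effective_key_entropy_bits(password_entropy_bits: float, key_bits: int) -> float:
    """The derived key cannot carry more entropy than the passphrase, and a
    hash/KDF output cannot carry more than its own length; whichever is
    smaller bounds the real strength of the key."""
    return min(password_entropy_bits, key_bits)


if __name__ == "__main__":
    for name, pw in (("short", SHORT_PASSPHRASE), ("long", LONG_PASSPHRASE)):
        key = derive_key(pw, SALT)
        print(f"{name}: {len(pw)} chars -> {len(key) * 8}-bit key {key.hex()}")

    print("15 random [A-Za-z0-9] chars:",
          round(random_password_entropy_bits(62, 15), 1), "bits")
    print("30 chars of English:",
          round(english_passphrase_entropy_bits(30), 1), "bits")
    print("1000 chars of English fed to AES-128:",
          effective_key_entropy_bits(english_passphrase_entropy_bits(1000), 128), "bits")
```

Running it shows both passphrases producing 16-byte (128-bit) keys, the 15-character random password landing at about 89 bits, the 30-character English phrase at about 33 bits, and the 1000-character English phrase capped at 128 bits by the key length, which is exactly the "entropy is reduced by the hash function" case in the reply.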
