Penetration Testing mailing list archives
Re: Cryptographic Functions
From: Jan Schejbal <jan.mailinglisten () googlemail com>
Date: Wed, 19 Aug 2009 23:07:57 +0200
On 18.08.2009 17:50, M.D.Mufambisi wrote:
1. When a passphrase is used as a key in symmetric cryptography, how does the passphrase map to the key in an algorithm like AES? i.e. how many letters correspond to 1 bit? etc?
First, the password (arbitrary length) has to be turned into a key, which is usually done using a hash function (or a more complex function, which however uses a hash function most times). The output of the function has a fixed length, so no matter if you put 1 character or 1000 characters into it, it will still output say 128 bits. This is only the length, not the randomness however!
The security of the password depends on how much randomness (entropy) it contains. The more, the better. If the password contains more than 128 bits (for AES-128) of entropy, however, the entropy is reduced by the hash function.
The information that English has 1.1 bits per character entropy means that if you have a 30-letter passphrase consisting of plain English, it is not very secure (can be guessed), since English allows only certain combinations of letters and some of them are less probable than others.
If, however, you use a mix of 15 characters selected randomly from all lower- and uppercase letters and numbers, you get 62^15 equally probable combinations, which equals approximately 2^89 -> 89 bits of entropy (secure enough in most cases).
At least that's how I understand it. Please correct me if I am wrong!
Regards,
Jan
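The points made in the message above, as an added example that is not part of the original post: a passphrase of any length becomes a fixed 128-bit key, while the key's real strength is bounded by the passphrase's entropy. SHA-256 truncated to 128 bits and PBKDF2-HMAC-SHA256 with 100,000 iterations are assumptions chosen for illustration; the message names no specific function.

```python
import hashlib
import math
import os

AES128_KEY_BITS = 128

def key_from_hash(passphrase: str) -> bytes:
    """Plain hash: any passphrase length in, 16 bytes (128 bits) out."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()[:16]

def key_from_pbkdf2(passphrase: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """A 'more complex function' built on a hash: salted, iterated HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=16)

def random_password_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)

def english_passphrase_bits(length: int, bits_per_char: float = 1.1) -> float:
    """Estimate using the 1.1 bits/character figure quoted in the message."""
    return length * bits_per_char

def effective_key_bits(password_bits: float, key_bits: int = AES128_KEY_BITS) -> float:
    """The derived key is never stronger than the password or the key size."""
    return min(password_bits, key_bits)

if __name__ == "__main__":
    salt = os.urandom(16)  # random per-password salt, stored next to the ciphertext
    # Constructed sample passphrases of very different lengths.
    for pw in ("a", "x" * 1000):
        print(f"{len(pw):5d} chars -> hash key {len(key_from_hash(pw)) * 8} bits, "
              f"PBKDF2 key {len(key_from_pbkdf2(pw, salt)) * 8} bits")

    cases = {
        "30 letters of plain English": english_passphrase_bits(30),
        "15 random chars from [a-zA-Z0-9]": random_password_bits(62, 15),
        "30 random chars from [a-zA-Z0-9]": random_password_bits(62, 30),
    }
    for label, bits in cases.items():
        print(f"{label}: {bits:.1f} bits in, "
              f"{effective_key_bits(bits):.1f} bits effective for AES-128")
```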