1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-23 21:02:09 +00:00

Mention exhaustive key searches

This commit is contained in:
Rohan Kumar 2021-01-17 23:59:09 -08:00
parent 6f610238f7
commit 10a29a8196
No known key found for this signature in database
GPG key ID: 1E892DB2A5F84479
2 changed files with 5 additions and 2 deletions

View file

@ -34,7 +34,7 @@ A good measure of password strength is *entropy bits.* The entropy bits in a pas
A brute-force attack that executes 2ⁿ guesses is certain to crack a password with n entropy bits, and has a one-in-two chance of cracking a password with n+1 entropy bits.
For scale, AES-256 encryption is currently the industry standard for strong symmetric encryption, and uses key lengths of 256-bits. An exhaustive key search over a 256-bit key space would be up against its 2²⁵⁶ possible permutations.
For scale, AES-256 encryption is currently the industry standard for strong symmetric encryption, and uses key lengths of 256-bits. An exhaustive key search over a 256-bit key space would be up against its 2²⁵⁶ possible permutations. When using AES-256 encryption with a key derived from a password with more than 256 entropy bits, the entropy of the AES key is the bottleneck; an attacker would fare better by doing an exhaustive key search for the AES key than a brute-force attack for the password.
=> https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard (Wikipedia)

View file

@ -78,7 +78,10 @@ with *n*+1 entropy bits.
For scale, [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
encryption is currently the industry standard for strong symmetric encryption, and
uses key lengths of 256-bits. An exhaustive key search over a 256-bit key space would
be up against its 2<sup>256</sup> possible permutations.
be up against its 2<sup>256</sup> possible permutations. When using AES-256
encryption with a key derived from a password with more than 256 entropy bits, the
entropy of the AES key is the bottleneck; an attacker would fare better by doing an
exhaustive key search for the AES key than a brute-force attack for the password.
To calculate the entropy of a password, I recommend using a tool such as
[zxcvbn](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler)