mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-23 21:02:09 +00:00
Mention exhaustive key searches
This commit is contained in:
parent
6f610238f7
commit
10a29a8196
2 changed files with 5 additions and 2 deletions
|
@ -34,7 +34,7 @@ A good measure of password strength is *entropy bits.* The entropy bits in a pas
|
||||||
|
|
||||||
A brute-force attack that executes 2ⁿ guesses is certain to crack a password with n entropy bits, and has a one-in-two chance of cracking a password with n+1 entropy bits.
|
A brute-force attack that executes 2ⁿ guesses is certain to crack a password with n entropy bits, and has a one-in-two chance of cracking a password with n+1 entropy bits.
|
||||||
|
|
||||||
For scale, AES-256 encryption is currently the industry standard for strong symmetric encryption, and uses key lengths of 256-bits. An exhaustive key search over a 256-bit key space would be up against its 2²⁵⁶ possible permutations.
|
For scale, AES-256 encryption is currently the industry standard for strong symmetric encryption, and uses key lengths of 256-bits. An exhaustive key search over a 256-bit key space would be up against its 2²⁵⁶ possible permutations. When using AES-256 encryption with a key derived from a password with more than 256 entropy bits, the entropy of the AES key is the bottleneck; an attacker would fare better by doing an exhaustive key search for the AES key than a brute-force attack for the password.
|
||||||
|
|
||||||
=> https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard (Wikipedia)
|
=> https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard (Wikipedia)
|
||||||
|
|
||||||
|
|
|
@ -78,7 +78,10 @@ with *n*+1 entropy bits.
|
||||||
For scale, [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
|
For scale, [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
|
||||||
encryption is currently the industry standard for strong symmetric encryption, and
|
encryption is currently the industry standard for strong symmetric encryption, and
|
||||||
uses key lengths of 256-bits. An exhaustive key search over a 256-bit key space would
|
uses key lengths of 256-bits. An exhaustive key search over a 256-bit key space would
|
||||||
be up against its 2<sup>256</sup> possible permutations.
|
be up against its 2<sup>256</sup> possible permutations. When using AES-256
|
||||||
|
encryption with a key derived from a password with more than 256 entropy bits, the
|
||||||
|
entropy of the AES key is the bottleneck; an attacker would fare better by doing an
|
||||||
|
exhaustive key search for the AES key than a brute-force attack for the password.
|
||||||
|
|
||||||
To calculate the entropy of a password, I recommend using a tool such as
|
To calculate the entropy of a password, I recommend using a tool such as
|
||||||
[zxcvbn](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler)
|
[zxcvbn](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler)
|
||||||
|
|
Loading…
Reference in a new issue