Posted by Mark Shroyer on July 11, 2007, 1:56 am
>> No, you shouldn't need to enter a 32-character password (although I
>> can't say for sure because you still haven't specified what software
>> you're talking about :) ). What usually happens is that the 256-bit
>> symmetric key is generated as some hash of whatever password you
>> provide. The longer and more random the password (until you get past
>> 32 random ASCII characters, anyway), the more entropy in your 256-bit
>> AES key and therefore the more theoretically secure it is -- but in
>> practice a dozen or so characters should be all the entropy you need,
>> depending on the quality of your software's hash algorithm and how
>> sensitive your data is.
>
> This is imprecise. 32 characters will by far not be enough for the
> password to have 256 bits of entropy. Remember that users only use a
> subset of all possible characters (and they shouldn't use them all,
> because of localization issues).
>
> In most cases one character of the password will have slightly less than
> seven bits of entropy, because you don't type eight bit characters, and
> you also don't type control characters.
Yes, you're right of course; by "32 random ASCII characters" I
actually meant 32 characters from all possible ASCII values 0-127,
printable or not. Just thought I'd leave out the discussion of
practical specifics in the interest of brevity.
>> There's no de-facto standard algorithm for converting passwords into
>> symmetric encryption keys (as far as I know -- maybe someone here
>> knows better?), [...]
>
> There is: PBKDF2, for example.
Thanks, I hadn't realized there is an IETF standard for this. Even
so, because AES software doesn't inherently use PBKDF2, the original
poster cannot rely on his program to be password-compatible with
whatever arbitrary decryption package his recipient may decide to
use.
>> [...] so different software might interpret the same password as
>> signifying different keys. You probably won't be able to determine
>> the actual AES key that your software used unless you're willing to
>> dig into its source code.
>
> If they both use the same protocol together with the same specification,
> then most likely they will be compatible.
--
Mark Shroyer
http://markshroyer.com/
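
Added example (not part of the original post, and not the code of any particular AES program): a Python sketch of the two points discussed in this thread, namely how much entropy a uniformly random password can carry and how one password turns into different 256-bit keys under different derivation schemes. The scheme names, salts, iteration counts and sample passphrase are constructed for illustration.

```python
import hashlib
import math

def max_entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def chars_needed(target_bits, alphabet_size):
    """Shortest uniformly random password carrying at least target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def key_from_plain_hash(password):
    """Unsalted single SHA-256: one ad hoc scheme a program might use (assumption)."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def key_from_pbkdf2(password, salt, iterations):
    """PBKDF2-HMAC-SHA256 producing a 32-byte (AES-256) key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=32)

def derive_with_each_scheme(password):
    """Same password fed to four hypothetical derivation setups."""
    return {
        "plain-sha256": key_from_plain_hash(password),
        "pbkdf2-salt-A": key_from_pbkdf2(password, b"constructed-salt-A", 100_000),
        "pbkdf2-salt-B": key_from_pbkdf2(password, b"constructed-salt-B", 100_000),
        "pbkdf2-salt-A-10k": key_from_pbkdf2(password, b"constructed-salt-A", 10_000),
    }

if __name__ == "__main__":
    # Alphabet sizes: 95 printable ASCII characters, 128 ASCII values 0-127.
    for name, size in (("printable ASCII", 95), ("ASCII 0-127", 128)):
        print(f"{name}: 32 chars = {max_entropy_bits(32, size):.1f} bits, "
              f"{chars_needed(256, size)} chars for 256 bits")
    # Every line printed below is a different AES-256 key for the same password.
    for scheme, key in derive_with_each_scheme("constructed sample passphrase").items():
        print(f"{scheme:18s} {key.hex()}")
```

Two programs only arrive at the same key when the KDF, its hash function, the salt and the iteration count all match, so the salt and parameters have to travel with the ciphertext.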