Re: Encrypting a file (*not* the usual stuff)
From: Igor Tandetnik (itandetnik_at_mvps.org)
Date: 09/15/04
- Next message: Igor Tandetnik: "Re: Encrypting a file (*not* the usual stuff)"
- Previous message: Igor Tandetnik: "Re: CAtlRegExp crashes with pound sign!"
- In reply to: George Ionescu: "Re: Encrypting a file (*not* the usual stuff)"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 15 Sep 2004 10:06:59 -0400
"George Ionescu" <geoionescu@hotmail.com> wrote in message
news:%23mlbc$umEHA.512@TK2MSFTNGP10.phx.gbl
>> How exactly hashing a password helps against the small key size? It
>> looks like you take a long and secure password (hashed or otherwise),
>> produce a small key from it, and use the key to decrypt the data.
>
> Actually, I take a small password (e.g. 8 chars long), produce 8 MD5
> hashes from it and use the result as a key. So, from 5 byte key I've
> obtained a 256 bytes key.
But there are still just 5 bytes of entropy in it. You can only say that
a system uses 256 bytes key if it can actually use every possible 256
byte value as a key. It's like saying that you've taken a one byte key,
padded it with 255 zeros, and suddenly you have a 256 byte key and your
system is significantly more secure.
Again, knowing your key generation system, I'm going to brute-force the
weakest link. Instead of trying all possible 256 byte keys, I'll try all
possible 8 character passwords (possibly using a dictionary to try more
likely passwords first), generate a key from each, and try to decrypt
with that key.
>> So if I want to brute-force, I'm not going to crack the password -
>> I'll just try to decrypt with all possible keys.
>
> You're right. However, how long is it going to take you to try to
> decrypt a block encrypted with RC4 and a key of 2048 bits?
Where did these numbers come from? Your post, the one I responded to,
mentioned "smaller key sizes". Besides, RC4 is a stream cipher so I'm
not sure what you mean by "block" here.
> If you have any other idea which might be more secure, I'm opened to
> suggestions.
I'm not saying your approach is insecure. I'm just cautioning you from a
false sense of security caused by application of snake oil measures -
like taking a small source of randomness, producing a large key from it
deterministically, and believing that the difficulty of attack is
commesurate with the large key size, when in fact you still have as much
security as the original small source afforded.
In the example above, don't tell yourself that you now have a 1024-bit
secure key. You actually have 64-bit of security (your 8 byte password),
or even smaller since passwords are usually limited to printable
characters, and people tend to choose easily remembered ones. Now,
whether or not these 64-bit are sufficiently secure is for you to
decide - maybe they are, depending on the value of the data you are
trying to protect.
You may want to look at http://www.ietf.org/rfc/rfc2898.txt
--
With best wishes,
Igor Tandetnik
"On two occasions, I have been asked [by members of Parliament], 'Pray,
Mr. Babbage, if you put into the machine wrong figures, will the right
answers come out?' I am not able to rightly apprehend the kind of
confusion of ideas that could provoke such a question." -- Charles
Babbage
- Next message: Igor Tandetnik: "Re: Encrypting a file (*not* the usual stuff)"
- Previous message: Igor Tandetnik: "Re: CAtlRegExp crashes with pound sign!"
- In reply to: George Ionescu: "Re: Encrypting a file (*not* the usual stuff)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
