[106503] in cryptography@c2.net mail archive
RE: Password vs data entropy
daemon@ATHENA.MIT.EDU (Alex Pankratov)
Sat Oct 27 11:35:42 2007
From: "Alex Pankratov" <ap@poneyhot.org>
To: "'Ben Laurie'" <ben@links.org>
Cc: <cryptography@metzdowd.com>
Date: Fri, 26 Oct 2007 21:41:21 -0700
In-Reply-To: <47227085.9040303@links.org>
> -----Original Message-----
> From: Ben Laurie [mailto:ben@links.org]
> Sent: Friday, October 26, 2007 3:56 PM
> To: Alex Pankratov
> Cc: cryptography@metzdowd.com
> Subject: Re: Password vs data entropy
>
[snip]
>
> In other words, your password needs to be x/y times the size of the
> secret (in bits), where x and y are the costs of attacking the secret
> and the password respectively.

Essentially the entropy measure alone is not sufficient to
make a decision; we should also account for the algorithms
being used. This certainly makes sense .. now that you said
it :)

Is there any published research into entropy estimates of
PBKDF2 transformation? Perhaps, for specific PRF(s) and
fixed iteration counts. I.e. if I have a password with N
bits of entropy, what is the entropy of the key going to
be like given *this* set of PBKDF2 parameters?

Also, can you elaborate on this remark? Specifically, the
second part of it -

> I want to make this distinction because I'd like to talk
> about secret keys, which have to be rather larger than 4
> kbits to have 4kbits of entropy for modular arithmetic stuff.

Are you referring to RSA-like secrets that involve prime
numbers, which are therefore selected from a smaller subset
of Z(n)?

Thanks,
Alex
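
Added example, not part of the original message or of any poster's code: it enumerates a constructed, uniformly distributed N-bit password space, derives a PBKDF2-HMAC-SHA256 key from each entry, and measures the entropy of the resulting keys against the attacker's work at different iteration counts. The salt, the password encoding and the function names are assumptions made for the illustration.

```python
import hashlib
import math
from collections import Counter

SALT = b"constructed-salt"  # constructed sample value, fixed and known to the attacker
DKLEN = 32                  # one SHA-256 output block, so one chain of PRF calls

def derive_all(n_bits, iterations):
    """Derive a key from every password in a uniform space of 2**n_bits entries."""
    keys = []
    for i in range(2 ** n_bits):
        password = i.to_bytes(4, "big")  # constructed encoding of the i-th password
        keys.append(hashlib.pbkdf2_hmac("sha256", password, SALT, iterations, DKLEN))
    return keys

def shannon_entropy_bits(samples):
    """Shannon entropy (bits) of the empirical distribution over samples."""
    total = len(samples)
    return -sum((c / total) * math.log2(c / total)
                for c in Counter(samples).values())

def attack_cost_bits(n_bits, iterations):
    """log2 of the HMAC invocations needed to try every password once."""
    return n_bits + math.log2(iterations)

def report(n_bits, iterations):
    """Return (entropy of derived keys, log2 of exhaustive-search work)."""
    keys = derive_all(n_bits, iterations)
    return shannon_entropy_bits(keys), attack_cost_bits(n_bits, iterations)

if __name__ == "__main__":
    for c in (1, 16, 256):
        h, w = report(8, c)
        print(f"iterations={c:4d}  key entropy={h:.1f} bits  "
              f"search work=2^{w:.1f} PRF calls")
```

PBKDF2 is deterministic for a fixed salt, so the 256-bit key never carries more entropy than the password did; the iteration count only raises the cost of each guess.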