On Tue, 07 May 2013 11:27:55 -0500
Barnet Wagman <b...@norbl.com> wrote:
| Is there a maximum password length for encfs? And is there maximum
| useful length? I haven't been able to find any documentation on this.
|
| thanks
|
| ------------------------------------------------------------------------------
| Learn Graph Databases - Download FREE O'Reilly Book
| "Graph Databases" is the definitive new guide to graph databases and
| their applications. This 200-page book is written by three acclaimed
| leaders in the field. The early access version is available now.
| Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
| _______________________________________________
| Encfs-users mailing list
| Encfs-users@lists.sourceforge.net
| https://lists.sourceforge.net/lists/listinfo/encfs-users
The passwords are hashed (repeatedally).
As such the whole password is used, regardless of the length,
but generates a cryptographic key of fixed length, as required by
the standard cryptography functions.
Note that it is iterated (not fixed) multiple times whcih will slow the
password to cryptographic key to about 1/2 second, making the use of
brute force cracking usinf dictionary words, or rainbow tables less
useful. This is known as PBKDF2 password hashing (salt+interation count)
NOTE the default openssl file encryption only uses PBKDF1.5 password
hashing which means a random salt is used with the users password
(prevent rainbow tables) but no iteration is performed, and as such
could be cracked with optimized brute force cracking.
I myself go further in that I keep the encfs configuration separate to
the encfs encrypted directory. That means the encfs data that may be
stored on a remote system, does not include the extra info (salt and
iteration count) needed with the user password to decrypt the data.
Anthony Thyssen ( System Programmer ) <a.thys...@griffith.edu.au>
--------------------------------------------------------------------------
The trouble with computers, of course,
is that they're very sophisticated idiots. -- Doctor Who, "Robot"
--------------------------------------------------------------------------
Anthony's Castle http://www.ict.griffith.edu.au/anthony/
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Encfs-users mailing list
Encfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/encfs-users
