- Original Message -
From: "Alex Pankratov" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 25, 2007 9:16 PM
Subject: Password vs data entropy
Say, we have a random value of 4 kilobits that someone wants
to keep secret by the means of protecting it with a password.
E
Alex Pankratov wrote:
>> I want to make this distinction because I'd like to talk
>> about secret keys, which have to be rather larger than 4
>> kbits to have 4kbits of entropy for modular arithmetic stuff.
>
> Are you referring to RSA-like secrets that involve prime
> numbers, which are therefo
> -Original Message-
> From: Ben Laurie [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 26, 2007 3:56 PM
> To: Alex Pankratov
> Cc: cryptography@metzdowd.com
> Subject: Re: Password vs data entropy
>
[snip]
>
> In other words, your password needs to b
Alex Pankratov wrote:
> Say, we have a random value of 4 kilobits that someone wants
> to keep secret by the means of protecting it with a password.
It would assist understanding, I feel, if we thought about 4 kilobits of
entropy, rather than a 4 kilobit value. I want to make this distinction
be
Alex Pankratov wrote:
Or, rephrasing, what should the entropy of the password be
compared to the entropy of the value being protected (under
whatever keying/encryption scheme) ?
Eliminating all other variables, such as the hash algorithm used
to derive a key from the password (see previous th
On 10/26/07, Alex Pankratov <[EMAIL PROTECTED]> wrote:
> Or, rephrasing, what should the entropy of the password be
> compared to the entropy of the value being protected (under
> whatever keying/encryption scheme) ?
The entropy of the data is irrelevant. The question is its
value; that affects b
On Thu, Oct 25, 2007 at 09:16:21PM -0700, Alex Pankratov wrote:
> Assuming the password is an English word or a phrase, and the
> secret is truly random, does it mean that the password needs
> to be 3100+ characters in size in order to provide a "proper"
> degree of protection to the value ?
If
Say, we have a random value of 4 kilobits that someone wants
to keep secret by the means of protecting it with a password.
Empirical entropy estimate for an English text is 1.3 bits of
randomness per character, IIRC.
Assuming the password is an English word or a phrase, and the
secret is trul