Password vs data entropy
Alex Pankratov
ap at poneyhot.org
Sat Oct 27 00:41:21 EDT 2007
> -----Original Message-----
> From: Ben Laurie [mailto:ben at links.org]
> Sent: Friday, October 26, 2007 3:56 PM
> To: Alex Pankratov
> Cc: cryptography at metzdowd.com
> Subject: Re: Password vs data entropy
>
[snip]
>
> In other words, your password needs to be x/y times the size of the
> secret (in bits), where x and y are the costs of attacking the secret
> and the password respectively.

Essentially, the entropy measure alone is not sufficient to
make a decision; we should also account for the algorithms
being used. This certainly makes sense .. now that you said
it :)

Is there any published research into entropy estimates of
the PBKDF2 transformation? Perhaps for specific PRF(s) and
fixed iteration counts. I.e. if I have a password with N
bits of entropy, what is the entropy of the key
going to be like given *this* set of PBKDF2 parameters?

Also, can you elaborate on this remark? Specifically, the
second part of it -

> I want to make this distinction because I'd like to talk
> about secret keys, which have to be rather larger than 4
> kbits to have 4kbits of entropy for modular arithmetic stuff.

Are you referring to RSA-like secrets that involve prime
numbers, which are therefore selected from a smaller subset
of Z(n)?

Thanks,
Alex
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
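
An added example, not part of the original message or thread: a small Python experiment on the two quantities the message distinguishes, the entropy of a PBKDF2-derived key and the cost of attacking the password. The salt, the toy password space and the choice of HMAC-SHA256 as PRF are assumptions made for the illustration. Because PBKDF2 is deterministic, the key never carries more entropy than the password; the iteration count only multiplies the cost of each guess.

```python
import hashlib
import math
from collections import Counter

SALT = b"constructed-salt"  # constructed sample value
DKLEN = 32                  # one HMAC-SHA256 output block

def derive(password: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, SALT, iterations, DKLEN)

def password_space(bits: int):
    """Constructed toy space: 2**bits equally likely passwords (N = bits)."""
    for i in range(2 ** bits):
        yield b"pw-%d" % i

def key_entropy_bits(bits: int, iterations: int) -> float:
    """Shannon entropy of the derived key over the uniform toy space."""
    counts = Counter(derive(p, iterations) for p in password_space(bits))
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def attack_work_bits(bits: int, iterations: int) -> float:
    """log2 of PRF calls for exhaustive search: 2**bits guesses, each
    costing `iterations` HMAC calls (DKLEN fits in one output block)."""
    return bits + math.log2(iterations)

def brute_force(target: bytes, bits: int, iterations: int):
    """Walk the password space; return (password, PRF calls spent)."""
    guesses = 0
    for p in password_space(bits):
        guesses += 1
        if derive(p, iterations) == target:
            return p, guesses * iterations
    return None, guesses * iterations

if __name__ == "__main__":
    N = 8  # bits of password entropy in the toy space
    for c in (1, 100, 10000):
        print(f"iterations={c:>6}  key entropy={key_entropy_bits(N, c):.1f} bits  "
              f"search work=2^{attack_work_bits(N, c):.1f} PRF calls")
    pw, spent = brute_force(derive(b"pw-200", 100), N, 100)
    print("recovered", pw, "after", spent, "PRF calls")
```

The key is 256 bits long in every run, yet its entropy stays at N bits; only the work column grows with the iteration count.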