[Cryptography] How can you enter a 256-bit key in 12 decimal digits?

Tony Arcieri bascule at gmail.com
Sun Jan 3 19:33:05 EST 2016


On Sun, Jan 3, 2016 at 11:26 AM, Ray Dillinger <bear at sonic.net> wrote:

> 256-bit encryption it says, but it has buttons for entering
> decimal digits and allows "up to 12-digit pass code combinations
> to protect your data from unauthorized use."
>
> Now, the last time I looked, 12 decimal digits equals about 40
> bits, not 256 bits.  To enter a 256-bit key you need ~77 decimal
> digits, not 12.
>
> If someone can get at your data by brute forcing a key in a 40-
> bit key space, why is it legal to call this 256-bit encryption?


It's possible there's some sort of high-entropy on-device secret. There are
also ways of generating these secrets in such a way that attempts to
physically tamper with the device will destroy the secret generator, e.g.
https://en.wikipedia.org/wiki/Physical_unclonable_function

A high-entropy secret generated in this manner can be mixed with the PIN to
derive an encryption key. This allows you to implement hardware lockouts on
PIN entry at a very low level in hardware.

-- 
Tony Arcieri
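As an added illustration (not code from the thread or from any product), here is a small Python model of the scheme Tony describes: a 256-bit key derived with HKDF-SHA256 from an on-device secret mixed with the PIN, plus a lockout counter that erases the secret after too many wrong PINs. The HKDF helper, the `derive_data_key` function, the `LockoutDevice` class and the `pin_space_bits` helper are all assumed names for this example; the 32-byte device secret is constructed here and stands in for a value that would live only inside tamper-resistant hardware.

```python
import hmac
import hashlib
import math
import secrets


def hkdf_sha256(ikm, salt, info, length=32):
    # RFC 5869 HKDF (extract then expand) over SHA-256, stdlib only.
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_data_key(device_secret, pin):
    # 256-bit key from the device secret, salted by the PIN. Without the
    # device secret, searching the ~40-bit 12-digit PIN space yields nothing.
    return hkdf_sha256(device_secret, pin.encode(), b"data-key-v1", 32)


def pin_space_bits(digits):
    # Size of an n-digit decimal PIN space in bits: log2(10**n).
    return digits * math.log2(10)


class LockoutDevice:
    # Model of a PIN-protected device: the secret exists only inside the
    # device and is erased once max_attempts wrong PINs have been entered.
    def __init__(self, pin, device_secret=None, max_attempts=10):
        self._secret = device_secret or secrets.token_bytes(32)  # constructed secret
        self._verifier = self._tag(derive_data_key(self._secret, pin))
        self._max = max_attempts
        self.failures = 0

    @staticmethod
    def _tag(key):
        return hmac.new(key, b"verify", hashlib.sha256).digest()

    @property
    def wiped(self):
        return self._secret is None

    def unlock(self, pin):
        if self.wiped:
            return None  # secret gone: no PIN can ever recover the key
        key = derive_data_key(self._secret, pin)
        if hmac.compare_digest(self._tag(key), self._verifier):
            self.failures = 0
            return key
        self.failures += 1
        if self.failures >= self._max:
            self._secret = None  # lockout: destroy the high-entropy secret
        return None
```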