[Cryptography] Recommendations for short AES passphrases

ianG iang at iang.org
Sat Oct 1 19:19:32 EDT 2016 

On 16/09/2016 17:42 pm, ıuoʎ wrote:

> I recently came by a service that uses dangerously short passphrases for
> AES.
...
> I think the main reason for selecting short passwords was that they
> could be easily shared/written and that might be a requirement of the
> software.

Easily remembered.  Easily typed in.


...

> So I was trying to think how to increase the security while still
> keeping the passphrase relatively short.
>
> I thought of suggesting using 8 chars BASE 58 using random salt and
> PBKDF2 with 1000 iterations
> This is not very high number of iterations but on my system it takes a
> bit less then a second to calculate and
> since this is a runs on the clients which might be less powerful I don't
> think they would be willing to compromise much more time.
>
> So how feasible is this solution.
> Can a 8 char passphrase be relatively secure or can it be bruted
> relatively easily even with the increased rounds.
> Is there any better solution to have ~ strongly encrypted data with
> relatively short and easy to share key ?
>
> Any comments or helpful suggestions would be appreciated


An awful lot depends on who is using the system, and where.

In talking about BASE 58 or BASE X or any similar system you have 
automatically limited yourself to a developer audience.  Who are 
non-representative.

Think about a phone. If it's a smart phone we are talking about an 
alphabetic keyboard.  And any other keys are a pain to type because we 
have to keep hitting the meta keys.  Plus, on a phone, all keys are 
vulnerable to the fat-finger problem.

So in this context, it is easier to give the users several alpha words 
in one case (26 + space) ... an entire extra word (26^4) is easier than 
switching to digits (10^4).

Then, if it's a "feature" or dumb phone we're back to digits.  And, an 
extra 4 digits is easier than switching to letters.  Try it some time...

If you don't give the users the method that works for their device, and 
for them .. they desert, and you lose all security.

A 4 digit PIN is more secure than a 20 x BASE58 character password that 
is never used.



iang

More information about the cryptography mailing list