[Cryptography] Recommendations for short AES passphrases
ianG
iang at iang.org
Sat Oct 1 19:19:32 EDT 2016
On 16/09/2016 17:42 pm, ıuoʎ wrote:
> I recently came by a service that uses dangerously short passphrases for
> AES.
...
> I think the main reason for selecting short passwords was that they
> could be easily shared/written and that might be a requirement of the
> software.
Easily remembered. Easily typed in.
...
> So I was trying to think how to increase the security while still
> keeping the passphrase relatively short.
>
> I thought of suggesting using 8 chars BASE 58 using random salt and
> PBKDF2 with 1000 iterations
> This is not very high number of iterations but on my system it takes a
> bit less then a second to calculate and
> since this is a runs on the clients which might be less powerful I don't
> think they would be willing to compromise much more time.
>
> So how feasible is this solution.
> Can a 8 char passphrase be relatively secure or can it be bruted
> relatively easily even with the increased rounds.
> Is there any better solution to have ~ strongly encrypted data with
> relatively short and easy to share key ?
>
> Any comments or helpful suggestions would be appreciated
An awful lot depends on who is using the system, and where.
In talking about BASE 58 or BASE X or any similar system you have
automatically limited yourself to a developer audience. Who are
non-representative.
Think about a phone. If it's a smart phone we are talking about an
alphabetic keyboard. And any other keys are a pain to type because we
have to keep hitting the meta keys. Plus, on a phone, all keys are
vulnerable to the fat-finger problem.
So in this context, it is easier to give the users several alpha words
in one case (26 + space) ... an entire extra word (26^4) is easier than
switching to digits (10^4).
Then, if it's a "feature" or dumb phone we're back to digits. And, an
extra 4 digits is easier than switching to letters. Try it some time...
If you don't give the users the method that works for their device, and
for them .. they desert, and you lose all security.
A 4 digit PIN is more secure than a 20 x BASE58 character password that
is never used.
iang
More information about the cryptography
mailing list