Both store a list of user passwords in a file, which is encrypted using a master password. They use the same file format, so you can alternate between the two, using the same file, as Joel Spolsky recommended.

Password Safe was created by Bruce Schneier, who said the following about it:

Password Safe protects passwords with the Twofish encryption algorithm, a fast, free alternative to DES.

Although I respect Schneier, the "fast" encryption part gives me pause. I want it to be very difficult to brute force my password file, so I want the decryption to be relatively slow.

I think that Password Safe now supports something like the work factor of bcrypt, but if I'm going to use the Spolsky method of sharing my file between computers with Dropbox, I want to be very sure that, if it fell into the wrong hands, nobody would be able to brute force it.

Assuming I've chosen a complex password, how secure is the encryption on these files?

By fast, they mean once you've set up a decryption key (e.g., entered your passphrase), you can decrypt a large or small file very quickly. The time necessary to check a single passphrase of Twofish and DES are both similar (see time/cycles to set up key and IV - initialization vector):

(these are benchmarks for encryption but should be similar).

Wikipedia lists some progress on attacks of Twofish, but concludes by quoting the first author of a decades-old published partial attack:

"But even from a theoretical perspective, Twofish isn't even remotely broken. There have been no extensions to these results since they were

However, you mention you have a complex password. You probably should be using a passphrase. Eight random characters (upper/lowercase + numbers) ~ 2^47 ~ 10^14? The quoted benchmark may take ~10 microseconds (10^-5 s) to try one password so you could try 10^14 passwords in 10^9 s ~ 100 years of CPU time which is in the realm of feasibility for say gov't to eventually break. If you had say a 6 word diceware passphrase (77 bits of entropy) it would take 100 billion years of today's CPU time to break.

When doing encryption while using a password as key, there are two phases:

1. The password is transformed into a key suitable for the symmetric encryption algorithm which is to be used.
2. The encryption algorithm is applied to whatever data is to be encrypted.

Salts and configurable slowness, the two mantras of good password processing, are to be applied on step 1, not step 2.
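The two phases described above, as an added example that is not part of the original posts and is not Password Safe's code: PBKDF2-HMAC-SHA256 stands in for step 1 (an assumption, not the Password Safe file format), and the header layout, function names and work factors are hypothetical. It shows the salt and the iteration count living in the key derivation, so the speed of the cipher in step 2 does not set the cost of a guess.

```python
import hashlib
import hmac
import os
import time

def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Step 1: stretch the password into a 256-bit cipher key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)

def new_header(password: str, iterations: int) -> dict:
    """Hypothetical file header: per-file salt, work factor, key check value."""
    salt = os.urandom(16)  # random salt defeats precomputed tables
    key = derive_key(password, salt, iterations)
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}

def unlock(password: str, header: dict):
    """Return the key for step 2 if the password is right, else None."""
    key = derive_key(password, header["salt"], header["iterations"])
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, header["check"]) else None

def seconds_per_guess(iterations: int) -> float:
    """Cost of one guess on this CPU; paid again for every candidate."""
    start = time.perf_counter()
    derive_key("constructed-guess", b"\x00" * 16, iterations)
    return time.perf_counter() - start

def cpu_years(entropy_bits: float, secs_per_guess: float) -> float:
    """CPU time to try all 2**entropy_bits candidates, in years."""
    return 2 ** entropy_bits * secs_per_guess / (365.25 * 24 * 3600)

if __name__ == "__main__":
    for iterations in (1, 10_000, 200_000):  # constructed work factors
        cost = seconds_per_guess(iterations)
        print(f"{iterations:>7} iterations: {cost:.2e} s/guess, "
              f"47 bits -> {cpu_years(47, cost):.1e} y, "
              f"77 bits -> {cpu_years(77, cost):.1e} y")
```

Because the iteration count is stored in the header, it can be raised when a file is re-saved without changing the cipher used in step 2.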