Date: Thu, 19 Aug 2010 16:28:17 +0200
From: Heinz Diehl
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] luksFormat Password Entropy
Message-ID: <20100819142817.GA12238@fancy-poultry.org>

On 19.08.2010, Michael Matczynski wrote:

> For luksFormat, is there a difference in password strength between the
> following two passwords?
> 1.) <256bitsecret>
>
> 2.) <256bitsecret> | base64

Yes, if both passwords have the same length and you choose a password which
is built upon a base of at least more than 64 different chars.

The password strength (entropy) is calculated this way,

    B = ((L * log P) / log 2)

where B is the entropy in bits, L is the length of the password, and P is
the amount of possible different chars (the "pool").

So if you choose base64, P will always be 64, and if you choose a password
which e.g. includes A-Za-z0-9 and random chars as %!"/(] (and so on), P will
be higher, thus resulting in a higher strength of the overall password.

As long as you choose a password with P > 64, it will be stronger. There are
P^N different passwords.

> Does the use of PBKDF2 make the longer but less entropy password #2
> equivalent to #1?

If the hash used in PBKDF2 is not flawed or broken: yes.
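
The formula from the reply above, worked through for the two cases in the question, as an added example that is not part of the original message. It assumes every character or byte is chosen uniformly at random; the function names and the 94-character printable-ASCII pool are choices made for this illustration.

```python
import base64
import math
import secrets
import string

# Assumed pool for a "mixed" password: A-Za-z0-9 plus ASCII punctuation = 94.
PRINTABLE_POOL = len(string.ascii_letters + string.digits + string.punctuation)

def entropy_bits(length: int, pool: int) -> float:
    """B = (L * log P) / log 2, valid only for uniformly random symbols."""
    if length < 0 or pool < 1:
        raise ValueError("length must be >= 0 and pool must be >= 1")
    return length * math.log2(pool)  # log2(P) == log P / log 2

def length_for_bits(target_bits: float, pool: int) -> int:
    """Smallest L for which the formula reaches target_bits."""
    if pool < 2:
        raise ValueError("pool must be >= 2")
    return math.ceil(target_bits / math.log2(pool))

def compare_encodings(secret: bytes) -> dict:
    """Formula values for a random byte secret and for its base64 text."""
    # The trailing '=' padding is determined by the length, so it is not counted.
    encoded = base64.b64encode(secret).rstrip(b"=")
    source_bits = entropy_bits(len(secret), 256)
    return {
        "raw_len": len(secret),
        "raw_bits": source_bits,
        "b64_len": len(encoded),
        # What L characters from a 64-symbol pool could carry at most.
        "b64_capacity_bits": entropy_bits(len(encoded), 64),
        # base64 is a reversible re-encoding and adds no randomness, so the
        # string carries exactly the bits of the secret it encodes.
        "b64_actual_bits": source_bits,
    }

if __name__ == "__main__":
    for key, value in compare_encodings(secrets.token_bytes(32)).items():
        print(f"{key:18} {value}")
    for pool in (64, PRINTABLE_POOL, 256):
        print(f"pool {pool:3}: {length_for_bits(256, pool)} symbols for 256 bits, "
              f"{entropy_bits(20, pool):.1f} bits at length 20")
```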