From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] luksFormat Password Entropy
Date: Thu, 19 Aug 2010 20:35:32 +0200 [thread overview]
Message-ID: <20100819183532.GB22363@tansi.org> (raw)
In-Reply-To: <20100819142817.GA12238@fancy-poultry.org>
On Thu, Aug 19, 2010 at 04:28:17PM +0200, Heinz Diehl wrote:
> On 19.08.2010, Michael Matczynski wrote:
>
> > For luksFormat, is there a difference in password strength between the
> > following two passwords?
>
> > 1.) <256bitsecret>
> >
> > 2.) <256bitsecret> | base64
>
> Yes, if both passwords have the same length and you choose a
> password which
> is built upon a base of at least more than 64 different chars.
The latter is no needed. base64 is an Isomprphism and as such
does not change total string entropy, regardless of input.
And the crypto-hash just cares about the entropy, not ho
it is encoded.
> The password strength (entropy) is calculated this way,
>
> B = ((L * log P) / log 2)
Hmm. I have
B[bit] = L * b[bit] // L symbols
and
b[bit] = log2(P) // entropy/symbol, all symbols equally probable
i.e.
B[bit] = L * log2(P)
= L * ln(P) / ln(2)
Ok, matches. Although I find B = L * log2(P) easier to remember.
> where B is the entropy in bits, L is the length of the password,
> and P is the amount of possible different chars (the "pool").
> So if you choose base64, P will always be 64,
No, actually, the input can restrict P to something smaller.
Your formula only holds for equally probable symbols, with
probabilitoes independent. Symbols that do not show up (or
do no show up in specific locations) are not equally probable
anymore...
> and if you choose a password which e.g. includes A-Za-z0-9
> of random chars as %!"/(] (and so on), P will be higher,
> thus resulting in a higher strength of the overall password.
>
> As long as you choose a password with P > 64, it will be stronger.
Yes, but if you coose a password with higher P, it will
be stronger. Nothing special about P=64.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
next prev parent reply other threads:[~2010-08-19 18:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-18 20:11 [dm-crypt] luksFormat Password Entropy Michael Matczynski
2010-08-19 13:54 ` Arno Wagner
2010-08-19 14:28 ` Heinz Diehl
2010-08-19 15:23 ` Heinz Diehl
2010-08-19 18:35 ` Arno Wagner [this message]
2010-08-21 7:30 ` Heinz Diehl
2010-08-21 17:41 ` Arno Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100819183532.GB22363@tansi.org \
--to=arno@wagner.name \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox