* [dm-crypt] luksFormat Password Entropy
@ 2010-08-18 20:11 Michael Matczynski
2010-08-19 13:54 ` Arno Wagner
2010-08-19 14:28 ` Heinz Diehl
0 siblings, 2 replies; 7+ messages in thread
From: Michael Matczynski @ 2010-08-18 20:11 UTC (permalink / raw)
To: dm-crypt
For luksFormat, is there a difference in password strength between the
following two passwords?
1.) <256bitsecret>
2.) <256bitsecret> | base64
Does the use of PBKDF2 make the longer but less entropy password #2
equivalent to #1?
Thanks!
Mike
--
Michael Matczynski
e: mjm@alum.mit.edu
w: www.zingtech.com
w: www.catchwine.com
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] luksFormat Password Entropy
2010-08-18 20:11 [dm-crypt] luksFormat Password Entropy Michael Matczynski
@ 2010-08-19 13:54 ` Arno Wagner
2010-08-19 14:28 ` Heinz Diehl
1 sibling, 0 replies; 7+ messages in thread
From: Arno Wagner @ 2010-08-19 13:54 UTC (permalink / raw)
To: dm-crypt
Without looking at the details, the passphrase/password is
basically hashed and hashing to concentrate entropy is
something that works very well.
So, no difference.
Incidentially, while 2.) has less entropy per bit, it does not
have less entropy per symbol (the whole password). If you
just say "entropy", in crypto that usually means the entropy of
the whole password/passphrase as it is perceived as one "symbol".
Confusing, I know and the respective communities all think
the usage is clear.
Arno
On Wed, Aug 18, 2010 at 04:11:51PM -0400, Michael Matczynski wrote:
> For luksFormat, is there a difference in password strength between the
> following two passwords?
>
> 1.) <256bitsecret>
>
> 2.) <256bitsecret> | base64
>
> Does the use of PBKDF2 make the longer but less entropy password #2
> equivalent to #1?
>
> Thanks!
> Mike
>
>
> --
> Michael Matczynski
> e: mjm@alum.mit.edu
> w: www.zingtech.com
> w: www.catchwine.com
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] luksFormat Password Entropy
2010-08-18 20:11 [dm-crypt] luksFormat Password Entropy Michael Matczynski
2010-08-19 13:54 ` Arno Wagner
@ 2010-08-19 14:28 ` Heinz Diehl
2010-08-19 15:23 ` Heinz Diehl
2010-08-19 18:35 ` Arno Wagner
1 sibling, 2 replies; 7+ messages in thread
From: Heinz Diehl @ 2010-08-19 14:28 UTC (permalink / raw)
To: dm-crypt
On 19.08.2010, Michael Matczynski wrote:
> For luksFormat, is there a difference in password strength between the
> following two passwords?
> 1.) <256bitsecret>
>
> 2.) <256bitsecret> | base64
Yes, if both passwords have the same length and you choose a password which
is built upon a base of at least more than 64 different chars.
The password strength (entropy) is calculated this way,
B = ((L * log P) / log 2)
where B is the entropy in bits, L is the length of the password, and P is
the amount of possible different chars (the "pool"). So if you choose base64,
P will always be 64, and if you choose a password which e.g. includes A-Za-z0-9
og random chars as %!"/(] (and so on), P will be higher, thus resulting in
a higher strength of the overall password. As long as you choose a
password with P > 64, it will be stronger.
There are P^N different passwords.
> Does the use of PBKDF2 make the longer but less entropy password #2
> equivalent to #1?
If the hash used in PBKDF2 is not flawed or broken: yes.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] luksFormat Password Entropy
2010-08-19 14:28 ` Heinz Diehl
@ 2010-08-19 15:23 ` Heinz Diehl
2010-08-19 18:35 ` Arno Wagner
1 sibling, 0 replies; 7+ messages in thread
From: Heinz Diehl @ 2010-08-19 15:23 UTC (permalink / raw)
To: dm-crypt
On 19.08.2010, Heinz Diehl wrote:
> There are P^N different passwords.
P^L, of course..
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] luksFormat Password Entropy
2010-08-19 14:28 ` Heinz Diehl
2010-08-19 15:23 ` Heinz Diehl
@ 2010-08-19 18:35 ` Arno Wagner
2010-08-21 7:30 ` Heinz Diehl
1 sibling, 1 reply; 7+ messages in thread
From: Arno Wagner @ 2010-08-19 18:35 UTC (permalink / raw)
To: dm-crypt
On Thu, Aug 19, 2010 at 04:28:17PM +0200, Heinz Diehl wrote:
> On 19.08.2010, Michael Matczynski wrote:
>
> > For luksFormat, is there a difference in password strength between the
> > following two passwords?
>
> > 1.) <256bitsecret>
> >
> > 2.) <256bitsecret> | base64
>
> Yes, if both passwords have the same length and you choose a
> password which
> is built upon a base of at least more than 64 different chars.
The latter is no needed. base64 is an Isomprphism and as such
does not change total string entropy, regardless of input.
And the crypto-hash just cares about the entropy, not ho
it is encoded.
> The password strength (entropy) is calculated this way,
>
> B = ((L * log P) / log 2)
Hmm. I have
B[bit] = L * b[bit] // L symbols
and
b[bit] = log2(P) // entropy/symbol, all symbols equally probable
i.e.
B[bit] = L * log2(P)
= L * ln(P) / ln(2)
Ok, matches. Although I find B = L * log2(P) easier to remember.
> where B is the entropy in bits, L is the length of the password,
> and P is the amount of possible different chars (the "pool").
> So if you choose base64, P will always be 64,
No, actually, the input can restrict P to something smaller.
Your formula only holds for equally probable symbols, with
probabilitoes independent. Symbols that do not show up (or
do no show up in specific locations) are not equally probable
anymore...
> and if you choose a password which e.g. includes A-Za-z0-9
> of random chars as %!"/(] (and so on), P will be higher,
> thus resulting in a higher strength of the overall password.
>
> As long as you choose a password with P > 64, it will be stronger.
Yes, but if you coose a password with higher P, it will
be stronger. Nothing special about P=64.
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] luksFormat Password Entropy
2010-08-19 18:35 ` Arno Wagner
@ 2010-08-21 7:30 ` Heinz Diehl
2010-08-21 17:41 ` Arno Wagner
0 siblings, 1 reply; 7+ messages in thread
From: Heinz Diehl @ 2010-08-21 7:30 UTC (permalink / raw)
To: dm-crypt
On 19.08.2010, Arno Wagner wrote:
> > So if you choose base64, P will always be 64,
> No, actually, the input can restrict P to something smaller.
I don't think you're right. If the input doesn't lead to the use of
all of the chars available in base64, so does it "choose" from this pool
anyway. P is the amount of possibly available chars and is unrelated
to how many different ones out of this pool actually are used. To
bruteforce the password, you'll have to try all the 64 possibilities for
each position (ok, statistically you'll have to try 50% of the whole
headroom).
If you e.g. build a password which uses 5 numbers, P is 10 [0-9].
A password out of 5 capital letters, P = 26 [A-Z]. For each of the
positions ("slots") in the password, there are 10 different possibilities
related to the first, and 26 to the second password.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [dm-crypt] luksFormat Password Entropy
2010-08-21 7:30 ` Heinz Diehl
@ 2010-08-21 17:41 ` Arno Wagner
0 siblings, 0 replies; 7+ messages in thread
From: Arno Wagner @ 2010-08-21 17:41 UTC (permalink / raw)
To: dm-crypt
On Sat, Aug 21, 2010 at 09:30:25AM +0200, Heinz Diehl wrote:
> On 19.08.2010, Arno Wagner wrote:
>
> > > So if you choose base64, P will always be 64,
>
> > No, actually, the input can restrict P to something smaller.
>
> I don't think you're right. If the input doesn't lead to the use of
> all of the chars available in base64, so does it "choose" from this pool
> anyway. P is the amount of possibly available chars and is unrelated
> to how many different ones out of this pool actually are used.
You entropy formula assumes equal propbability and independence
between the positions.
> To
> bruteforce the password, you'll have to try all the 64 possibilities for
> each position (ok, statistically you'll have to try 50% of the whole
> headroom).
>
> If you e.g. build a password which uses 5 numbers, P is 10 [0-9].
> A password out of 5 capital letters, P = 26 [A-Z]. For each of the
> positions ("slots") in the password, there are 10 different possibilities
> related to the first, and 26 to the second password.
Assume independendce and uniform distribution, you are right.
Hiowever with non-independence and/or nonuniformness, you
are wrong. Example:
String of 10 "0"/"1" randomly, entropy is 10 bit:
"1001010010"
base64("1001010010"):
"MTAwMTAxMDAxMAo"
15 chars, 7 different ones, still 10 bit entropy. Why?
a) the positions are not independent anymore and b)
the chars have nonuniform distribution. The formula for
the entropy here is a bit more complicated...
To comne back to my original argument, P is also restiricted
to something smaller, in addition to you entropy formula being
invalid for the second form.
The thing to remember here is that 1:1 mappings (Isomorphisms)
do not change the entropy of the whole object. Examples are
compression, decompressions, encryption, decryption, base64
encoding or decoding, ...
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2010-08-21 17:41 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-18 20:11 [dm-crypt] luksFormat Password Entropy Michael Matczynski
2010-08-19 13:54 ` Arno Wagner
2010-08-19 14:28 ` Heinz Diehl
2010-08-19 15:23 ` Heinz Diehl
2010-08-19 18:35 ` Arno Wagner
2010-08-21 7:30 ` Heinz Diehl
2010-08-21 17:41 ` Arno Wagner
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox