DM-Crypt Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] luksFormat Password Entropy
Date: Sat, 21 Aug 2010 19:41:06 +0200	[thread overview]
Message-ID: <20100821174106.GA26458@tansi.org> (raw)
In-Reply-To: <20100821073025.GA7167@fancy-poultry.org>

On Sat, Aug 21, 2010 at 09:30:25AM +0200, Heinz Diehl wrote:
> On 19.08.2010, Arno Wagner wrote: 
> 
> > > So if you choose base64, P will always be 64, 
>  
> > No, actually, the input can restrict P to something smaller.
> 
> I don't think you're right. If the input doesn't lead to the use of 
> all of the chars available in base64, so does it "choose" from this pool 
> anyway. P is the amount of possibly available chars and is unrelated 
> to how many different ones out of this pool actually are used. 

You entropy formula assumes equal propbability and independence 
between the positions. 

> To
> bruteforce the password, you'll have to try all the 64 possibilities for
> each position (ok, statistically you'll have to try 50% of the whole
> headroom).
> 
> If you e.g. build a password which uses 5 numbers, P is 10 [0-9].
> A password out of 5 capital letters, P = 26 [A-Z]. For each of the
> positions ("slots") in the password, there are 10 different possibilities 
> related to the first, and 26 to the second password.

Assume independendce and uniform distribution, you are right.
Hiowever with non-independence and/or nonuniformness, you
are wrong. Example:

String of 10 "0"/"1" randomly, entropy is 10 bit:
   "1001010010"

base64("1001010010"): 
    "MTAwMTAxMDAxMAo"

15 chars, 7 different ones, still 10 bit entropy. Why?
a) the positions are not independent anymore and b)
the chars have nonuniform distribution. The formula for
the entropy here is a bit more complicated...

To comne back to my original argument, P is also restiricted
to something smaller, in addition to you entropy formula being
invalid for the second form.

The thing to remember here is that 1:1 mappings (Isomorphisms)
do not change the entropy of the whole object. Examples are 
compression, decompressions, encryption, decryption, base64
encoding or decoding, ...

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

      reply	other threads:[~2010-08-21 17:41 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-08-18 20:11 [dm-crypt] luksFormat Password Entropy Michael Matczynski
2010-08-19 13:54 ` Arno Wagner
2010-08-19 14:28 ` Heinz Diehl
2010-08-19 15:23   ` Heinz Diehl
2010-08-19 18:35   ` Arno Wagner
2010-08-21  7:30     ` Heinz Diehl
2010-08-21 17:41       ` Arno Wagner [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100821174106.GA26458@tansi.org \
    --to=arno@wagner.name \
    --cc=dm-crypt@saout.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox