From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195]) by mail.saout.de (Postfix) with ESMTP for ; Sat, 21 Aug 2010 19:41:08 +0200 (CEST) Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch [84.74.164.239]) by tansi.org (Postfix) with ESMTPA id C75881218525 for ; Sat, 21 Aug 2010 19:41:07 +0200 (CEST) Date: Sat, 21 Aug 2010 19:41:06 +0200 From: Arno Wagner Message-ID: <20100821174106.GA26458@tansi.org> References: <20100819142817.GA12238@fancy-poultry.org> <20100819183532.GB22363@tansi.org> <20100821073025.GA7167@fancy-poultry.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20100821073025.GA7167@fancy-poultry.org> Subject: Re: [dm-crypt] luksFormat Password Entropy List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Sat, Aug 21, 2010 at 09:30:25AM +0200, Heinz Diehl wrote: > On 19.08.2010, Arno Wagner wrote: > > > > So if you choose base64, P will always be 64, > > > No, actually, the input can restrict P to something smaller. > > I don't think you're right. If the input doesn't lead to the use of > all of the chars available in base64, so does it "choose" from this pool > anyway. P is the amount of possibly available chars and is unrelated > to how many different ones out of this pool actually are used. You entropy formula assumes equal propbability and independence between the positions. > To > bruteforce the password, you'll have to try all the 64 possibilities for > each position (ok, statistically you'll have to try 50% of the whole > headroom). > > If you e.g. build a password which uses 5 numbers, P is 10 [0-9]. > A password out of 5 capital letters, P = 26 [A-Z]. For each of the > positions ("slots") in the password, there are 10 different possibilities > related to the first, and 26 to the second password. Assume independendce and uniform distribution, you are right. Hiowever with non-independence and/or nonuniformness, you are wrong. Example: String of 10 "0"/"1" randomly, entropy is 10 bit: "1001010010" base64("1001010010"): "MTAwMTAxMDAxMAo" 15 chars, 7 different ones, still 10 bit entropy. Why? a) the positions are not independent anymore and b) the chars have nonuniform distribution. The formula for the entropy here is a bit more complicated... To comne back to my original argument, P is also restiricted to something smaller, in addition to you entropy formula being invalid for the second form. The thing to remember here is that 1:1 mappings (Isomorphisms) do not change the entropy of the whole object. Examples are compression, decompressions, encryption, decryption, base64 encoding or decoding, ... Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier