[cryptography] Current state of brute-forcing random keys?
paul at ciphergoth.org
Thu Jun 9 15:11:00 EDT 2011
On 09/06/11 18:14, Paul Hoffman wrote:
> Greetings again. I am helping someone design a system that will involve giving someone a randomly-generated key that they have to type in order to unlock data that is private but not terribly valuable. Thus, we want to keep the key as short as practical to reduce typing and mis-typing, but long enough to prevent trivial brute-force attacks. The encryption will be AES-128 in CBC mode.
You can make this stronger by stretching the key: repeatedly hashing the
passphrase before using it as a key to make brute-force attacks harder.
We know *lots* about how fast SHA-256 can be run because of its use in
On an unrelated note, if I have to enter a randomly-generated passphrase
with 80 bits of entropy, I'd personally rather enter a 25-character all
lower case passphrase than a 19 character mixed-case passphrase with
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the cryptography