[cryptography] Current state of brute-forcing random keys?

Paul Crowley paul at ciphergoth.org
Thu Jun 9 15:11:00 EDT 2011


On 09/06/11 18:14, Paul Hoffman wrote:
> Greetings again. I am helping someone design a system that will involve giving someone a randomly-generated key that they have to type in order to unlock data that is private but not terribly valuable. Thus, we want to keep the key as short as practical to reduce typing and mis-typing, but long enough to prevent trivial brute-force attacks. The encryption will be AES-128 in CBC mode.

You can make this stronger by stretching the key: repeatedly hashing the 
passphrase before using it as a key to make brute-force attacks harder.

http://www.schneier.com/paper-low-entropy.html

We know *lots* about how fast SHA-256 can be run because of its use in 
BitCoin:

https://en.bitcoin.it/wiki/Mining_hardware_comparison

On an unrelated note, if I have to enter a randomly-generated passphrase 
with 80 bits of entropy, I'd personally rather enter a 25-character all 
lower case passphrase than a 19 character mixed-case passphrase with 
special characters.
-- 
   __
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/
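
The key stretching suggested in the reply above, as an added example that is not part of the original message: it shows how an iteration count trades typing length against brute-force cost for a randomly generated lowercase key. The function names, the salted iterated SHA-256 construction, the 2^20 iteration count and the attacker hash rate are all assumptions chosen for illustration; a deployed system would normally use a standard KDF such as PBKDF2.

```python
import hashlib
import math
import secrets
import string

LOWERCASE = string.ascii_lowercase  # 26 symbols, about 4.7 bits per character


def stretch_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Iterated salted SHA-256; the first 16 bytes become the AES-128 key."""
    secret = passphrase.encode("utf-8")
    state = hashlib.sha256(salt + secret).digest()
    for _ in range(iterations - 1):
        state = hashlib.sha256(state + salt + secret).digest()
    return state[:16]


def chars_needed(target_bits: float, iterations: int, alphabet: str = LOWERCASE) -> int:
    """Characters to type so that key entropy + log2(iterations) >= target_bits."""
    key_bits = max(target_bits - math.log2(iterations), 0.0)
    return math.ceil(key_bits / math.log2(len(alphabet)))


def random_passphrase(length: int, alphabet: str = LOWERCASE) -> str:
    return "".join(secrets.choice(alphabet) for _ in range(length))


def years_to_search(key_bits: float, iterations: int, hashes_per_second: float) -> float:
    """Expected time to find the key: half the keyspace, `iterations` hashes per guess."""
    guesses = 2.0 ** (key_bits - 1)
    return guesses * iterations / hashes_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    ITERATIONS = 2 ** 20   # assumed work factor
    RATE = 1e9             # constructed attacker speed in SHA-256 hashes/second
    n = chars_needed(80, ITERATIONS)
    phrase = random_passphrase(n)
    salt = secrets.token_bytes(16)
    key = stretch_key(phrase, salt, ITERATIONS)
    bits = n * math.log2(len(LOWERCASE))
    print(f"{n} lowercase chars ({bits:.1f} bits): {phrase}")
    print(f"AES-128 key: {key.hex()}")
    print(f"unstretched search: {years_to_search(bits, 1, RATE):.3g} years")
    print(f"stretched search:   {years_to_search(bits, ITERATIONS, RATE):.3g} years")
```

The salt is stored alongside the ciphertext; it is not secret, but it stops one precomputed table from serving every user.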


