Re: luksFormat Password Entropy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Aug 19, 2010 at 04:28:17PM +0200, Heinz Diehl wrote:
> On 19.08.2010, Michael Matczynski wrote: 
> 
> > For luksFormat, is there a difference in password strength between the
> > following two passwords?
>  
> > 1.) <256bitsecret>
> > 
> > 2.) <256bitsecret> | base64
> 
> Yes, if both passwords have the same length and you choose a 
> password which 
> is built upon a base of at least more than 64 different chars.

The latter is no needed. base64 is an Isomprphism and as such
does not change total string entropy, regardless of input.
And the crypto-hash just cares about the entropy, not ho
it is encoded.

> The password strength (entropy) is calculated this way,
> 
>  B = ((L * log P) / log 2)

Hmm. I have 

   B[bit] = L * b[bit]        // L symbols
and 
   b[bit] = log2(P)           // entropy/symbol, all symbols equally probable
i.e.
   B[bit] = L * log2(P) 
          = L * ln(P) / ln(2)

Ok, matches. Although I find B = L * log2(P) easier to remember.
   
> where B is the entropy in bits, L is the length of the password, 
> and P is the amount of possible different chars (the "pool"). 
> So if you choose base64, P will always be 64, 

No, actually, the input can restrict P to something smaller.
Your formula only holds for equally probable symbols, with
probabilitoes independent. Symbols that do not show up (or
do no show up in specific locations) are not equally probable 
anymore...

> and if you choose a password which e.g. includes A-Za-z0-9
> of random chars as %!"/(] (and so on), P will be higher, 
> thus resulting in a higher strength of the overall password. 
>
> As long as you choose a password with P > 64, it will be stronger.

Yes, but if you coose a password with higher P, it will
be stronger. Nothing special about P=64. 


Arno

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux