On Sat 01 Feb 2014 at 11:18:17 -0500, Jerry Stuckle wrote: > On 2/1/2014 10:21 AM, Jerry Stuckle wrote: > >On 2/1/2014 9:41 AM, Florian Kulzer wrote: > >>On Sat, Feb 01, 2014 at 12:00:30 -0200, André Nunes Batista wrote: > >>> > >>>Isn't it the case where the randomness of the key/password composes the > >>>overall quality of the crypto substitutions in such a way that 4096bit > >>>keys would necessarily provide better protection against cryptanalysis > >>>when compared to dozens of random, valid characters? > >> > >>As far as I understand it, that is correct: A 4096bit key gives you > >>2^4096 possibilities, while a string of n random characters selected > >>from a set of, let's say, 50 members (letters, numbers, special > >>characters) has 50^n possible values. To break even with the 4096bit > >>key, such a random-string password would therefore have to have a length > >>of n=4096*ln(2)/ln(50) characters, which is about 725. > >> > > > >No, a string of 50 members would have n^50 possible values. If you used > >64 characters (for simplicity - i.e. upper and lower case letters, 0-9 > >and two special characters, as in base64 encoding) you would have 64^50 > >or 2^300 possible combinations. > > > >Although it doesn't affect the fine outcome that much - you'd still need > >a string of 683 characters to match the complexity of the 4096 bit key. > > > >Jerry > > > > > > Damn - my bad. You're right, and I shouldn't be responding before > my first cup of coffee :(
A second cup often helps to see things in a different light. :) For n=12 there are 50^12 combinations. An online attack with a sustained 100 attempts per second (too low?) would statisically produce a hit in about 3x10^10 years. In a practical context the protection offered by a 4096bit key is no better than a password with 12 random characters. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20140202004317.gq3...@copernicus.demon.co.uk
