On Thu, Oct 25, 2007 at 09:16:21PM -0700, Alex Pankratov wrote:
Assuming the password is an English word or a phrase, and the
secret is truly random, does it mean that the password needs
to be 3100+ characters in size in order to provide a proper
degree of protection to the value ?
If
On 10/26/07, Alex Pankratov [EMAIL PROTECTED] wrote:
Or, rephrasing, what should the entropy of the password be
compared to the entropy of the value being protected (under
whatever keying/encryption scheme) ?
The entropy of the data is irrelevant. The question is its
value; that affects both
Ilya Levin wrote:
I'm not affiliated with Elcomsoft and don't know their real
intentions, but what they are trying to do is perfectly reasonable.
Once they release a commercial product with such feature it is only a
matter of time until Microsoft or some other patent troll will run for
a
Alex Pankratov wrote:
Say, we have a random value of 4 kilobits that someone wants
to keep secret by the means of protecting it with a password.
It would assist understanding, I feel, if we thought about 4 kilobits of
entropy, rather than a 4 kilobit value. I want to make this distinction
-Original Message-
From: Ben Laurie [mailto:[EMAIL PROTECTED]
Sent: Friday, October 26, 2007 3:56 PM
To: Alex Pankratov
Cc: cryptography@metzdowd.com
Subject: Re: Password vs data entropy
[snip]
In other words, your password needs to be x/y times the size of the
secret (in
Alex Pankratov wrote:
I want to make this distinction because I'd like to talk
about secret keys, which have to be rather larger than 4
kbits to have 4kbits of entropy for modular arithmetic stuff.
Are you referring to RSA-like secrets that involve prime
numbers, which are therefore