> -----Original Message-----
> From: Ben Laurie [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 26, 2007 3:56 PM
> To: Alex Pankratov
> Cc: cryptography@metzdowd.com
> Subject: Re: Password vs data entropy
> [snip]
>
> In other words, your password needs to be x/y times the size of the
> secret (in bits), where x and y are the costs of attacking the secret
> and the password respectively.

Essentially the entropy measure alone is not sufficient to make a decision, we should also account for the algorithms being used. This certainly makes sense .. now that you said it :)

Is there any published research into entropy estimates of PBKDF2 transformation? Perhaps, for specific PRF(s) and fixed iteration counts. I.e. if I have a password with N bits of entropy in a password, what is the entropy of the key going to be like given *this* set of PBKDF2 parameters?

Also, can you elaborate on this remark? Specifically, the second part of it -

> I want to make this distinction because I'd like to talk
> about secret keys, which have to be rather larger than 4
> kbits to have 4kbits of entropy for modular arithmetic stuff.

Are you referring to RSA-like secrets that involve prime numbers, which are therefore selected from a smaller subset of Z(n)?

Thanks,
Alex

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
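An empirical look at the PBKDF2 question in the message above, added here as an example and not part of the original thread: it derives keys from a small, constructed password space and measures the Shannon entropy of the resulting key distribution, alongside the brute-force work the iteration count adds. The function names, the salt, and the uniformly distributed 12-bit password set are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed sample: 4096 equally likely passwords = 12 bits of entropy.
PASSWORDS = [b"pw%04d" % i for i in range(4096)]
SALT = b"constructed-salt"  # constructed value, fixed so the run is repeatable


def shannon_bits(counts):
    """Shannon entropy in bits of the distribution described by a Counter."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def derived_key_entropy(passwords, salt, iterations, dklen):
    """Entropy of the PBKDF2-HMAC-SHA256 output when the password is drawn
    uniformly from `passwords`. PBKDF2 is deterministic, so the result can
    never exceed log2(len(passwords)), nor 8 * dklen."""
    keys = Counter(
        hashlib.pbkdf2_hmac("sha256", p, salt, iterations, dklen)
        for p in passwords
    )
    return shannon_bits(keys)


def attack_work_bits(password_bits, iterations):
    """log2 of the PRF-chain steps needed to try every password once.
    Iterations raise the attacker's cost, not the key's entropy."""
    return password_bits + math.log2(iterations)


if __name__ == "__main__":
    pw_bits = math.log2(len(PASSWORDS))
    for dklen in (16, 1):
        h = derived_key_entropy(PASSWORDS, SALT, iterations=10, dklen=dklen)
        print(f"dklen={dklen:2d} bytes: key entropy = {h:.3f} bits "
              f"(password entropy = {pw_bits:.0f} bits)")
    for iters in (1, 1024, 1 << 20):
        print(f"iterations={iters:>8d}: exhaustive search costs "
              f"2^{attack_work_bits(pw_bits, iters):.0f} PRF-chain steps")
```

With a 16-byte output the key carries the same 12 bits as the password; truncating to 1 byte caps it below 8 bits, while raising the iteration count changes only the search cost.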