On 26 Jan 2016, at 20:29, Dashamir Hoxha wrote:
> Maybe you are right about this. I have just read somewhere that symmetric
> encryption is stronger than asymmetric encryption, but maybe it assumes
> that the keys are of the same size.

Yes, that would be the case. It should be fairly safe to use a 12 byte
passphrase (96 bit key) with a modern symmetric encryption scheme, but
no public/private key system will be safe with such short key length.
But as Lenz pointed out, the key length would generally be 4096 bits,
which is impractical for a symmetric encryption key (since the user has
to type it out each time).
Furthermore, even with a 12 byte passphrase, it’s user generated, so
it’s unlikely to be truly random, which decreases the search space
(often significantly).
So in practice, I think asymmetric encryption is the better/stronger
choice.
For the same reason, many servers do not allow password login but
require key exchange authentication because (user generated) passwords
are weak.
_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store