On 26 Jan 2016, at 23:03, Matthieu Weber wrote:

> On Tue 26.01.2016 at 10:14:46PM +0700, Allan Odgaard wrote:
>> Furthermore, even with a 12 byte passphrase, it is user generated,
>> so it is unlikely to be truly random, which decreases the search
>> space (often significantly).
> http://world.std.com/~reinhold/diceware.html solves that problem.

This is basically suggesting 25-30 throws of the dice for a truly random
password, resulting in 65-77 bit keys: log2((6^5)^5)

The “dicelist” is there to make it possible for people to remember a
65-77 bit random number, but good luck convincing people to use this
scheme and also to have them generate a new passphrase for each new
application.

>> So in practice, I think asymmetric encryption is the better/stronger
>> choice.
> You only displace the problem, by having to protect your private key
> with a passphrase.

Which is still better, since an attacker will need to steal your key
before they can brute-force your passphrase, and if you are worried
about this, you can move the key to a physical token, so now this
physical token needs to be stolen for someone to decrypt your files, and
this physical token can have its own security requiring specialized
tools in order to break it.
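The Diceware arithmetic from the message above, as an added example that is not part of the thread: five d6 throws per word, log2(6) bits per throw, with the operating system's CSPRNG (`secrets`) standing in for physical dice. The word table is a constructed stand-in for the real 7,776-entry Diceware list.

```python
import math
import secrets

FACES = 6            # a standard die
DICE_PER_WORD = 5    # Diceware indexes each word with five throws ("11111".."66666")
BITS_PER_THROW = math.log2(FACES)

# Constructed stand-in for the real Diceware list (the real one has 6^5 = 7776 entries).
SAMPLE_WORDLIST = {"11111": "a", "23456": "cliff", "36421": "lamp", "66666": "zip"}


def roll_word_key() -> str:
    """One Diceware lookup key from five uniformly random throws.
    secrets.randbelow is unbiased, so every key is equally likely."""
    return "".join(str(secrets.randbelow(FACES) + 1) for _ in range(DICE_PER_WORD))


def roll_passphrase_keys(words: int) -> list[str]:
    """The keys for a passphrase of `words` words, i.e. 5 * words throws."""
    return [roll_word_key() for _ in range(words)]


def keys_to_words(keys: list[str], wordlist: dict[str, str]) -> list[str]:
    """Map keys to memorable words; a key missing from the (sample) table is kept as digits,
    which carries exactly the same entropy, just harder to remember."""
    return [wordlist.get(k, k) for k in keys]


def diceware_entropy_bits(words: int) -> float:
    """Entropy of `words` uniformly chosen Diceware words: log2((6^5)^words)."""
    return words * DICE_PER_WORD * BITS_PER_THROW


def throws_for_bits(target_bits: float) -> int:
    """Minimum number of throws needed to reach target_bits of entropy."""
    return math.ceil(target_bits / BITS_PER_THROW)


if __name__ == "__main__":
    for n in (5, 6):
        print(f"{n} words = {n * DICE_PER_WORD} throws -> {diceware_entropy_bits(n):.1f} bits")
    keys = roll_passphrase_keys(5)
    print(keys, keys_to_words(keys, SAMPLE_WORDLIST))
```

Five words (25 throws) give about 64.6 bits and six words (30 throws) about 77.5 bits, which is the 65-77 bit range quoted in the thread; a 128-bit key would need 50 throws.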
_______________________________________________
Password-Store mailing list
http://lists.zx2c4.com/mailman/listinfo/password-store