Timeline for How is the strength of a key/Password determined
Current License: CC BY-SA 4.0
14 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| May 16, 2019 at 21:09 | vote | accept | Vasu Deo.S | ||
| May 16, 2019 at 21:02 | comment | added | AndrolGenhald | @VasuDeo.S For passwords used for login, this is generally a database-dump of password hashes. For encrypted files, a known-plaintext allows detecting if the decryption is correct (many files formats start with a certain sequence of bytes, some file formats are legal xml, etc). | |
| May 16, 2019 at 21:01 | comment | added | reed | @VasuDeo.S, no, the attacker obviously doesn't have the right key! They need to find the right key, but instead of bruteforcing the key (and with each key try to decrypt the data, over and over), they bruteforce the password (and with each password they calculate the corresponding key using the KDF, which in turn will be used to try to decrypt the data). It's one more step needed. Which seems a waste of time, but it's not, because bruteforcing the password will generally be much easier (less entropy) than trying to bruteforce the long random key. | |
| May 16, 2019 at 20:54 | comment | added | Vasu Deo.S | Just one last question, how does the attacker get the hold of the key stream of the password at first place. What if he doesn't have it and he wants to decrypt a file from scratch. Like how will he compare the key stream now? | |
| May 16, 2019 at 20:53 | comment | added | AndrolGenhald | @VasuDeo.S Correct, this works because passwords are often chosen very poorly. | |
| May 16, 2019 at 20:49 | comment | added | Vasu Deo.S | @reed Rectify me If i am wrong. User's choose their desired passwords, these passwords get's converted into a random key stream (using something like hashing) and is then used to encrypt data. If the attacker wants to obtain the password back, he/she goes for permutations/combinations of passwords, and passes each of them via a KDF, obtain's its bit stream and compares it with the bit stream of the password. So In general, it's the character's that are bruteforce'd rather then the bits. | |
| May 16, 2019 at 20:42 | history | edited | reed | CC BY-SA 4.0 | added 14 characters in body |
| May 16, 2019 at 20:39 | comment | added | reed | @VasuDeo.S, I added some more info at the beginning of my answer, saying that I suspect you might be confusing "size" with "entropy". It might be confusing because often when people talk about "bits" in a password they are referring to its entropy. | |
| May 16, 2019 at 20:37 | comment | added | AndrolGenhald | @VasuDeo.S You don't use ASCII as a key because ASCII only has 95 printable characters that each take 8 bits. For a 128 bit key that means you only get log2(95^16) = 105.117689733 bits of entropy. A KDF can take a longer printable key and turn it into a 128 bit key. You can however encode a 128 bit key as hex using 32 ASCII characters, but that's not really using ASCII as the key, it's just a way to represent the key using ASCII. KDFs that are meant to be used for low-entropy passwords are also intentionally slow, to add "effective entropy" by making it take longer to brute force. | |
| May 16, 2019 at 20:37 | comment | added | reed | @VasuDeo.S, for several reasons. First of all, keys usually need to be of a specific length, for example exactly 128 bits, or exactly 256 bits, etc. So we need a way to transform every password, of any length, into a key of a specific length. A hash for this would work, yes. However, usually key derivation functions have "key stretching", used to make it more difficult to bruteforce the password. This is done by making the KDF waste more resources (like computing several rounds of hashes so it's going to take longer), so the attack will be slowed down. | |
| May 16, 2019 at 20:32 | comment | added | Vasu Deo.S | Btw can this key derivation function be considered somewhat as a hash function, which takes in input bits, and converted it into a series of pseudo random bits (unique to that input bits) | |
| May 16, 2019 at 20:32 | history | edited | reed | CC BY-SA 4.0 | added 628 characters in body |
| May 16, 2019 at 20:24 | comment | added | Vasu Deo.S | why are password's transformed into a key? Why not simply use the password bit's as a key? Like for example password is A then why can't we use ASCII/ANSI equivalent of this as an key (01000001) | |
| May 16, 2019 at 20:16 | history | answered | reed | CC BY-SA 4.0 |