
Re: How can I secure a Debian installation?



On 2/1/2014 9:41 AM, Florian Kulzer wrote:
On Sat, Feb 01, 2014 at 12:00:30 -0200, André Nunes Batista wrote:

Isn't it the case where the randomness of the key/password composes the
overall quality of the crypto substitutions in such a way that 4096bit
keys would necessarily provide better protection against cryptanalysis
when compared to dozens of random, valid characters?

As far as I understand it, that is correct: A 4096bit key gives you
2^4096 possibilities, while a string of n random characters selected
from a set of, let's say, 50 members (letters, numbers, special
characters) has 50^n possible values. To break even with the 4096bit
key, such a random-string password would therefore have to have a length
of n=4096*ln(2)/ln(50) characters, which is about 725.


No, a string of 50 members would have n^50 possible values. If you used 64 characters (for simplicity - i.e. upper and lower case letters, 0-9 and two special characters, as in base64 encoding) you would have 64^50 or 2^300 possible combinations.

Although it doesn't affect the final outcome that much - you'd still need a string of 683 characters to match the complexity of the 4096 bit key.

Jerry
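
The counting discussed in this thread, as an added example that is not part of any of the messages: it enumerates a small case to count the strings of a given length over a given alphabet, then finds in exact integer arithmetic the shortest random string whose number of possible values reaches 2^4096. The function names and the base64-style alphabet are assumptions made for the illustration, and every string is assumed to be drawn uniformly at random.

```python
import itertools
import math
import secrets
import string

# Assumed 64-symbol alphabet (letters, digits, '+' and '/'), as in base64.
BASE64_ALPHABET = string.ascii_letters + string.digits + "+/"


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of `length` symbols: alphabet_size ** length."""
    return alphabet_size ** length


def enumerate_count(alphabet: str, length: int) -> int:
    """Count the strings by brute-force enumeration (only feasible for tiny cases)."""
    return sum(1 for _ in itertools.product(alphabet, repeat=length))


def equivalent_bits(alphabet_size: int, length: int) -> float:
    """Key length in bits with the same number of values as the random string."""
    return length * math.log2(alphabet_size)


def min_length(alphabet_size: int, key_bits: int) -> int:
    """Smallest n with alphabet_size ** n >= 2 ** key_bits, checked with exact integers."""
    target = 1 << key_bits
    n = math.ceil(key_bits * math.log(2) / math.log(alphabet_size))  # float estimate
    while keyspace(alphabet_size, n) < target:  # correct rounding error upward
        n += 1
    while n > 0 and keyspace(alphabet_size, n - 1) >= target:  # and downward
        n -= 1
    return n


def random_password(alphabet: str, length: int) -> str:
    """Uniformly random string from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print("3 symbols, length 4:", enumerate_count("abc", 4), "strings")
    print("64 symbols, length 50:", equivalent_bits(64, 50), "bits")
    for size in (50, 64):
        print(f"{size} symbols: {min_length(size, 4096)} characters for 2^4096 values")
    print(random_password(BASE64_ALPHABET, min_length(64, 4096))[:40], "...")
```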

