Length for AES256 symmetric encryption passphrase?

Robert J. Hansen rjh at sixdemonbag.org
Fri Apr 4 19:10:55 CEST 2014


> Interesting math.  However, I believe the OP mentioned they're generating
> the password and storing so human readable, i.e. English, isn't an issue.
> What would be the recommended length for completely random characters
> generated, for example, by a password manager such as keepassx?

Your questions are not clear enough to be answered.

"What would be the recommended length for completely random characters  
generated, for example, by a password manager such as keepassx?  If  
one were using the password as the symmetric key in libgcrypt?  Or  
perhaps even just using openssl tools?"

1.  Well, which password managers?  Just because a character is  
completely random tells me nothing about how much entropy is contained  
in each symbol.  "TTHTHHTTH" is a completely random sequence  
(generated it just now by flipping a fair coin), but it only has one  
bit of entropy per symbol.  "fBTvC" is a completely non-random  
sequence, but it has a lot more entropy per symbol.  Without knowing  
how a random password is generated I can't answer this.

2.  Recommended for what purpose?  256 bits of entropy is wild  
overkill for almost all purposes.  128 bits of entropy is generally  
speaking plenty.

3.  Which toolkit?  libgcrypt and openssl are two completely different  
toolkits that work in completely different ways, and an answer  
appropriate for one might not be appropriate for the other.

4.  What is it you really want to know?  You already know: AES depends  
on having a 32-bit key which can support up to 256 bits of entropy.   
You've been told two good metrics for estimating entropy in a  
passphrase: 1.5 bits per glyph of English text, 5 bits per glyph of  
base-64ed random data.
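An added example, not part of this message or the thread, that works through points 1 and 2 above: the entropy of a randomly generated passphrase is a property of the generator's symbol distribution (Shannon entropy in bits per symbol), not of how the output looks, and the length needed for a 128-bit or 256-bit target follows from it. The fair coin, biased coin and 94-character printable alphabet are constructed for illustration.

```python
import math
import secrets
import string

def symbol_entropy_bits(weights):
    """Shannon entropy in bits per symbol of a generator that draws each
    symbol with the given relative weight. A uniform draw over n symbols
    gives log2(n); a fair coin gives exactly 1 bit, as in the post."""
    total = sum(weights.values())
    return -sum((w / total) * math.log2(w / total)
                for w in weights.values() if w)

def symbols_needed(weights, target_bits):
    """Smallest number of independently drawn symbols whose combined
    entropy reaches target_bits (e.g. 128 or 256)."""
    return math.ceil(target_bits / symbol_entropy_bits(weights))

def generate(alphabet, target_bits):
    """Draw a passphrase uniformly from `alphabet` (a string of distinct
    characters) using the OS CSPRNG, just long enough for target_bits."""
    length = symbols_needed({c: 1 for c in alphabet}, target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed generators for comparison.
FAIR_COIN = {"H": 1, "T": 1}            # 1 bit per flip
BIASED_COIN = {"H": 9, "T": 1}          # still "random", far less entropy
PRINTABLE_ALPHABET = string.ascii_letters + string.digits + string.punctuation
PRINTABLE = {c: 1 for c in PRINTABLE_ALPHABET}  # 94 symbols, ~6.55 bits each

if __name__ == "__main__":
    for name, gen in [("fair coin", FAIR_COIN), ("biased coin", BIASED_COIN),
                      ("printable ASCII", PRINTABLE)]:
        print(f"{name:16s} {symbol_entropy_bits(gen):.3f} bits/symbol, "
              f"{symbols_needed(gen, 128)} symbols for 128 bits, "
              f"{symbols_needed(gen, 256)} for 256 bits")
    print(generate(PRINTABLE_ALPHABET, 128))
```

A biased coin (90/10) looks just as random on paper as a fair one but carries under half a bit per flip, so it needs more than twice as many symbols for the same target.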
