LinuxQuestions.org
Old 08-15-2015, 05:29 PM   #1
dukes123
LQ Newbie
 
Registered: Aug 2015
Posts: 13

Rep: Reputation: Disabled
Which is more secure, a cryptic password or passphrase?


Hi,

I want to encrypt an unused partition on my hard drive. I want to know which is more secure: a cryptic password, for example o/S6&1WAu}U3gEP2, or a passphrase like "The quick brown fox jumped over the fence".

The two examples above are just illustrations.
 
Old 08-15-2015, 06:20 PM   #2
JaseP
Senior Member
 
Registered: Jun 2002
Location: Eastern PA, USA
Distribution: K/Ubuntu 18.04-14.04, Scientific Linux 6.3-6.4, Android-x86, Pretty much all distros at one point...
Posts: 1,802

Rep: Reputation: 157
Obligatory XKCD cartoon reference...
https://xkcd.com/936/
 
Old 08-16-2015, 06:20 AM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,841

Rep: Reputation: 1472
It depends on how you are going to encrypt it. Some methods (AES 256) require 36 bytes of key... But to have a good key requires you to use all 8 bits of the byte (most used character sets don't). What usually happens is that a "passphrase" (which may be just a cryptic password) is used to generate a 36-byte hash, which is then used for the key. The assumption being that the hash is a more random string than the passphrase (and is shorter).
 
Old 08-16-2015, 09:40 AM   #4
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian
Posts: 1,054

Rep: Reputation: 281
I'm no expert, but pretty much all I've read indicates that length is more secure than randomness. The longer the password/passphrase, the more secure, because the time for a brute-force attack increases geometrically. A random 4-character password is far less secure than an 8-character password, unless the password is something easily guessed. You need to use something that you can remember, but isn't easily broken by a dictionary attack. A carefully chosen passphrase satisfies this requirement.
 
Old 08-16-2015, 09:54 AM   #5
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,841

Rep: Reputation: 1472
As long as no one can guess how you chose that passphrase...

The problem remains, a passphrase that is easily remembered is also easier for social engineering to recover.
 
Old 08-16-2015, 10:31 AM   #6
sgosnell
Senior Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian
Posts: 1,054

Rep: Reputation: 281
Everything in life is a compromise of some sort. Remembering a 24-character random string is difficult, probably more difficult than most people can handle. But there are ways of constructing a passphrase that is both difficult to hack and easy enough to remember. One way is to use a transliteration of a phrase in a foreign language that doesn't use the Latin alphabet. Or you can change letters to numbers, use just the first letter of words, or any number of other methods. You shouldn't use something like "My dog's name is Spot", or anything easily guessable, although almost anything long enough should be fine for use on websites. Hackers and script kiddies aren't going to spend the time to guess the password themselves; they use dictionary software, and the efficiency of that decreases drastically with the length of the phrase. From what I've read, length is more important than randomness. But I have no actual experience with cracking passwords.
 
Old 08-16-2015, 10:50 AM   #7
albinard
Member
 
Registered: Jan 2011
Location: New Mexico
Distribution: Xubuntu Core
Posts: 184

Rep: Reputation: 59
The security of a password is based on its entropy, namely the degree of randomness it exhibits. The ability of password crackers to reveal it depends a great deal on the availability of the sort of dictionaries the crackers use, which are composed of already-cracked hashes, words in various languages, etc.

Passphrases, since they are composed of dictionary words, have a low entropy per symbol. One way to increase the entropy per symbol is to take a long but memorable phrase (song lyric, poem, anything highly memorable) and use the first letter of each word. Then encrypt the letters in a random fashion (not leet or anything systematic) and practice typing it. The combination of mental recitation as you type and the motor memory of the keystrokes will give you a password of 10 to 12 symbols that is easy to remember and difficult to crack (no dictionaries anywhere for the crackers to resort to!)
 
Old 08-16-2015, 12:42 PM   #8
dukes123
LQ Newbie
 
Registered: Aug 2015
Posts: 13

Original Poster
Rep: Reputation: Disabled
Hi everyone,

I will be using aes-xts-plain64 as the cipher.

I never use dictionary words as passwords. I use KeePassX to generate my passwords.

Thanks 2 all
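
An added example, not part of the thread: the key derivation described in post #3 and the entropy comparison raised in posts #2 and #7, put on one scale by measuring what a single guess costs once the secret is stretched into a key. PBKDF2-HMAC-SHA256, the 512-bit key size, the iteration count, the fixed salt and the 2048-word list (11 bits per word, the figure used in the linked xkcd comic) are assumptions for illustration, and the bit counts hold only for secrets chosen uniformly at random.

```python
import hashlib
import math
import time

KEY_BYTES = 64           # assumption: 512-bit XTS key (two 256-bit AES keys)
ITERATIONS = 100_000     # assumption: illustrative PBKDF2 work factor
SALT = bytes(range(16))  # constructed fixed salt for a repeatable run; real use needs os.urandom(16)

def derive_key(secret: str, salt: bytes = SALT, iterations: int = ITERATIONS) -> bytes:
    """Stretch a password or passphrase into a fixed-size key that uses all 8 bits per byte."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, iterations, dklen=KEY_BYTES)

def uniform_bits(symbols: int, choices: int) -> float:
    """Entropy in bits of `symbols` picks made uniformly at random from `choices` options."""
    return symbols * math.log2(choices)

def effective_bits(secret_bits: float, key_bytes: int = KEY_BYTES) -> float:
    """The KDF adds no entropy: strength is capped by the weaker of secret and key."""
    return min(secret_bits, 8 * key_bytes)

def words_to_match(target_bits: float, wordlist_size: int) -> int:
    """Number of random words needed to reach at least `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def measured_guess_rate(samples: int = 3) -> float:
    """Key derivations per second on this machine, i.e. the cost of one guess."""
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"guess-{i}")
    return samples / (time.perf_counter() - start)

def years_to_search_half(bits: float, guesses_per_second: float) -> float:
    """Expected exhaustive-search time: half the space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    rate = measured_guess_rate()
    schemes = {
        "16 random printable ASCII chars": uniform_bits(16, 94),
        "4 random words from a 2048-word list": uniform_bits(4, 2048),
        "12 lowercase letters (upper bound; initials of a phrase are not uniform)": uniform_bits(12, 26),
    }
    for name, bits in schemes.items():
        print(f"{name}: {effective_bits(bits):.1f} bits, "
              f"~{years_to_search_half(bits, rate):.3g} years at {rate:.1f} guesses/s")
    print("random words needed to match 16 random chars:", words_to_match(uniform_bits(16, 94), 2048))
```

A quoted or well-known sentence is not a uniform random choice of words, so its real entropy is far below what `uniform_bits` reports for the same word count.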
 
  

