LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-18-2012, 01:01 AM   #1
ybpark81
LQ Newbie
 
Registered: Jan 2012
Posts: 3

Rep: Reputation: Disabled
cryptography... what's difference between 8bits / 16 bits / 32 bits/ 64 bits/128bits?


Hi,
I have some question, is there anyone who can help me please?

what's difference between 8bits / 16 bits / 32 bits/ 64 bits/128bits encryption password?
How do you define each one?
And where do you use them?

Example: when i enter my password(which contain 8 characters) to enter my hotmail.com account, the password which i entered, is that 8bits? 16bits? 32bits? 64bits? or 128bit? and why??

8 characters = 8 bytes = 64bits??? so am i using 64bits encryption password???

sorry to be so newbie...

and thanks...
 
Old 02-18-2012, 07:03 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781
Generally speaking as the number of bits is increased, the strength of the phrase is increased against a cracking by brute force. In truth, it gets a lot more complex than that as passwords are not usually stored straight out, but hashed through algorithms to make them stronger and avoid having to transmit the real password. In theory the mapping is one to one, but this isn't always the case. As an example of what I mean if your password is "abc123" it may get hashed into "1234567890", which is then transmitted to the server which compares against the hashed value. This way, the server doesn't need to know your "real" password. The 'bits' comes into play in regards to the strength of the hashing and in terms of the character set used. If for example, you limit yourself to using the standard 127 ASCII characters you have a lot lower 'bit strength' in your password than if you used a full ISO character set because there are fewer combinations that can be made.

The above is a pretty crude explanation. Wikipedia has a good explanation of how this works. Here is a link: http://en.wikipedia.org/wiki/Password_strength
 
Old 02-18-2012, 04:04 PM   #3
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,639

Rep: Reputation: 2653Reputation: 2653Reputation: 2653Reputation: 2653Reputation: 2653Reputation: 2653Reputation: 2653Reputation: 2653Reputation: 2653Reputation: 2653Reputation: 2653
the difference from 8 bit to 128 bit
PRE-WW I to WW II
pre1914 to 1940


wasn't the enigma a 128bit cypher
 
Old 02-19-2012, 01:44 AM   #4
kuser:)
Member
 
Registered: Sep 2005
Location: Olsztyn, Poland
Distribution: Slackware 14.1
Posts: 168

Rep: Reputation: 99
The following quotes are from this book:
"Principles of Computer Security: Security+ and Beyond"
Copyright 2004
Authors:
Wm. Artur Conklin, Gregory B. White, Chuck Cothren, Dwayne Williams, Roger L. Davis.
ISBN-13: 978-0-07-225643-7
ISBN-10: 0-07-225643-5

Chapter 5: Cryptography, pg. 80:
Quote:
Key complexity is achieved by giving the key large number of possible values. The Keyspace is the size of every possible key value. When an algorithm lists a certain number of bits as a key, it is defining the key space.
[...]
Quote:
Comparing a key made of 1 bit (2 possible values) and a key made of 1 letter (26 possible values) would not yield accurate results. Fortunately, the widespread use of computers have made almost all algorithms state their keyspace values in terms of bits.
It is easy to see how key complexity affects an algorithm when you look at some of the encryption algorithms that have been broken. DES (Data Encryption Standard) used a 56-bit key, allowing 72,000,000,000,000,000 possible values, but it has been broken by modern computers.
And that's because of technological progress in computers' processing power (measured in FLoating-point Operations Per Second).
Quote:
All encryption ciphers besides a "one-time pad" cipher are susceptible to a brute force attack-attempting every possible key. With a very small key, such as 2-bit key, trying every possible value is simple, as you only have four possibilities: 00, 01, 10, or 11. The 56-bit DES has 72 quadrillion values, and while that seems like a lot, computers have advanced to the extent that they can attempt billions of keys every second. This makes brute forcing a key only a matter of time, so large keys are required to make brute force attacks against the cipher take longer than the effective value of the information that is enciphered by them.
In other words, computers are becoming faster, so there is a need for larger keyspace (in bits). Brute force is just one of many types of password-cracking.

I hope I didn't violate the "fair use" rule of copyright law in my post...

Last edited by kuser:); 02-19-2012 at 01:59 AM.
 
Old 02-19-2012, 08:38 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,861
Blog Entries: 4

Rep: Reputation: 3995Reputation: 3995Reputation: 3995Reputation: 3995Reputation: 3995Reputation: 3995Reputation: 3995Reputation: 3995Reputation: 3995Reputation: 3995Reputation: 3995
The Enigma cipher was a chained-transposition cipher with (almost-)simple incrementing fixed rotors. Other contemporary ciphers such as SIGABA increased security primarily by perturbing the rotor-positioning cycle. But none of these ciphers really had a sense of "bits."

We do now know that German computers such as Konrad Zeus' seminal machines were at least considered for cryptographic purposes, but there simply aren't enough known records left after all that bombing.

The key-length of a modern cipher is a rough measure of security against brute force attack, but only to the extent of the quality by which the algorithm in question actually uses the key. The "ideal" n-bit cipher would have exactly one key which produces the correct decryption and every other one produces an incorrect result that is "uselessly dissimilar to" the one and only right answer.

But remember... the theoretical strength of a cipher's key is really a too-abstract notion of its actual, pragmatic security in practice. Most cryptosystems are broken due to attacks on the keying system. The pseudo-random number generator, for instance, might not be so random after all. The key might be known to consist of "printable" characters. The owner of the key might decide that he'd rather live a few more years, and to do so in possession both of his arms (or, more cravenly, "$10 million dollars richer than before"), than to continue refusing to divulge the secret. And so on.

Last edited by sundialsvcs; 02-19-2012 at 08:40 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
64 bits or 32 bits on AMD athlon x2 ram 4gb? albertoburgos Linux - Newbie 13 08-15-2011 03:37 PM
What is the meaning of 32 bits x 16 bits in a flash memory? archieval Linux - Embedded & Single-board computer 4 05-25-2011 02:37 PM
Can I install Linux 32 bits on system 64 bits? miros84 Linux - Software 7 01-06-2010 07:49 AM
Things to consider when compiling C using 32 bits instead of 64 bits processors rpomerleau Programming 2 07-08-2008 01:22 PM
32 bits version distros running 64 bits CPU javb Linux - General 4 04-02-2006 07:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration