Generally speaking, as the number of bits is increased, the strength of the phrase is increased against cracking by brute force. In truth, it gets a lot more complex than that as passwords are not usually stored straight out, but hashed through algorithms to make them stronger and avoid having to transmit the real password. In theory the mapping is one to one, but this isn't always the case. As an example of what I mean, if your password is "abc123" it may get hashed into "1234567890", which is then transmitted to the server which compares against the hashed value. This way, the server doesn't need to know your "real" password. The 'bits' comes into play in regards to the strength of the hashing and in terms of the character set used. If, for example, you limit yourself to using the standard 127 ASCII characters you have a lot lower 'bit strength' in your password than if you used a full ISO character set because there are fewer combinations that can be made.
The following quotes are from this book:
"Principles of Computer Security: Security+ and Beyond"
Wm. Arthur Conklin, Gregory B. White, Chuck Cothren, Dwayne Williams, Roger L. Davis.
Chapter 5: Cryptography, pg. 80:
Key complexity is achieved by giving the key a large number of possible values. The Keyspace is the size of every possible key value. When an algorithm lists a certain number of bits as a key, it is defining the key space.
Comparing a key made of 1 bit (2 possible values) and a key made of 1 letter (26 possible values) would not yield accurate results. Fortunately, the widespread use of computers has made almost all algorithms state their keyspace values in terms of bits.
It is easy to see how key complexity affects an algorithm when you look at some of the encryption algorithms that have been broken. DES (Data Encryption Standard) used a 56-bit key, allowing 72,000,000,000,000,000 possible values, but it has been broken by modern computers.
And that's because of technological progress in computers' processing power (measured in FLoating-point Operations Per Second).
All encryption ciphers besides a "one-time pad" cipher are susceptible to a brute force attack - attempting every possible key. With a very small key, such as a 2-bit key, trying every possible value is simple, as you only have four possibilities: 00, 01, 10, or 11. The 56-bit DES has 72 quadrillion values, and while that seems like a lot, computers have advanced to the extent that they can attempt billions of keys every second. This makes brute forcing a key only a matter of time, so large keys are required to make brute force attacks against the cipher take longer than the effective value of the information that is enciphered by them.
In other words, computers are becoming faster, so there is a need for larger keyspace (in bits). Brute force is just one of many types of password-cracking.
I hope I didn't violate the "fair use" rule of copyright law in my post...
The Enigma cipher was a chained-transposition cipher with (almost-)simple incrementing fixed rotors. Other contemporary ciphers such as SIGABA increased security primarily by perturbing the rotor-positioning cycle. But none of these ciphers really had a sense of "bits."
We do now know that German computers such as Konrad Zuse's seminal machines were at least considered for cryptographic purposes, but there simply aren't enough known records left after all that bombing.
The key-length of a modern cipher is a rough measure of security against brute force attack, but only to the extent of the quality by which the algorithm in question actually uses the key. The "ideal" n-bit cipher would have exactly one key which produces the correct decryption and every other one produces an incorrect result that is "uselessly dissimilar to" the one and only right answer.
But remember... the theoretical strength of a cipher's key is really a too-abstract notion of its actual, pragmatic security in practice. Most cryptosystems are broken due to attacks on the keying system. The pseudo-random number generator, for instance, might not be so random after all. The key might be known to consist of "printable" characters. The owner of the key might decide that he'd rather live a few more years, and to do so in possession both of his arms (or, more cravenly, "$10 million dollars richer than before"), than to continue refusing to divulge the secret. And so on.
Last edited by sundialsvcs; 02-19-2012 at 08:40 AM.
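Added example, not part of any post above: a short Python calculation tying the quoted brute-force passage to the remark that a key "might be known to consist of printable characters". It compares a cipher's nominal key length with the effective keyspace when the key is typed text; the rate of 1e9 keys per second is an assumption standing in for "billions of keys every second", and the DES case relies on the fact that DES ignores the low (parity) bit of each key byte.

```python
import math

PRINTABLE = range(0x20, 0x7F)  # the 95 printable ASCII characters
RATE = 1e9                     # assumed attacker speed, keys per second
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace_bits(alphabet_size, length):
    """Effective strength in bits of `length` symbols drawn from the alphabet."""
    return length * math.log2(alphabet_size)

def des_distinct_values(byte_values):
    """DES ignores the low (parity) bit of every key byte, so bytes that
    differ only in that bit contribute the same key material."""
    return len({b >> 1 for b in byte_values})

def years_to_exhaust(bits, keys_per_second=RATE):
    """Worst-case time to try every key in a keyspace of 2**bits."""
    return 2 ** bits / keys_per_second / SECONDS_PER_YEAR

def compare():
    """Nominal key length vs. effective bits when the key is typed text."""
    cases = [
        ("DES, random key", 56, 56.0),
        ("DES, 8 printable chars", 56,
         keyspace_bits(des_distinct_values(PRINTABLE), 8)),
        ("128-bit cipher, random key", 128, 128.0),
        ("128-bit cipher, 16 printable chars", 128,
         keyspace_bits(len(PRINTABLE), 16)),
    ]
    return [(name, nominal, round(eff, 1), years_to_exhaust(eff))
            for name, nominal, eff in cases]

if __name__ == "__main__":
    for name, nominal, eff, years in compare():
        print(f"{name:36s} nominal={nominal:3d}  effective={eff:5.1f}  "
              f"exhaust={years:.3g} years")
```

At the assumed rate, the random 56-bit key takes a little over two years to exhaust, while the same cipher keyed with eight typed characters falls in hours; the cure is a key derived from a random source rather than typed directly.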