zlacker

[parent] [thread] 3 comments
1. paulpa+(OP)[view] [source] 2022-02-08 18:06:46
strong passwords. aes256 with even just 7 word password chosen from a 1000-word dictionary cannot be cracked with existing tech
replies(2): >>akomtu+N9 >>rogers+qi
2. akomtu+N9[view] [source] 2022-02-08 18:47:27
>>paulpa+(OP)
TBH, with 4B at stake, I wouldnt blindly rely on AES. I'd use it as the 1st step, and then additionally encrypt its output with a custom AES-like algorithm (change tge s-box, change the number of rounds, maybe upgrade it to 512 bits). Even if my homebrew algo is weak, there's still standard AES behind it.
replies(1): >>boring+Yt
3. rogers+qi[view] [source] 2022-02-08 19:20:39
>>paulpa+(OP)
You are pushing it. 1000 words is 10 bits of entropy per randomly chosen word. 70 bits of entropy is probably crackable by a government agency.

Edit: I checked and unless I mixed some zeroes somewhere it looks like the current bitcoin hash rate of 200 million TH/s can crack 92 bits within a year. log (200,000,000,000,000,000,000*3600*24*365) / log 2 = 92.35

◧◩
4. boring+Yt[view] [source] [discussion] 2022-02-08 20:09:40
>>akomtu+N9
Why mess with AES when you can just use another strong algorithm or two? e.g. AES+SERPENT+Twofish, with three separate unrelated keys of course.
[go to top]