
List:       gentoo-user
Subject:    Re: [gentoo-user] Password questions, looking for opinions. cryptsetup question too.
From:       Frank Steinmetzger <Warp_7 () gmx ! de>
Date:       2023-09-20 18:05:50
Message-ID: ZQs0fpWXUvZKzIjQ () kern


On Wed, Sep 20, 2023 at 01:28:09PM +0100, Michael wrote:

> > I have a question tho.  Can a person use a password/pass phrase that is
> > like this:  'This is a stupid pass phrase.'   Does it accept that even
> > with spaces? I know file names can have spaces for a long while now but
> > way back, you couldn't do that easily.  One had to use dashes or
> > underscores.

Sure, why not? It's a string like any other. No spaces in filenames were a 
restriction of (now outdated) file systems. And I guess developers didn't 
account for them back in those days (and later out of habit). When I used 
DOS, of course I adhered to the 8.3 rule. But ever since I started using 
Windows, XP at the latest (2001), I wholly started using spaces everywhere 
and never looked back. The programs that had problems with spaces were few 
and script authors should just adhere to best practices and put filename 
variables in quotes, so they can work with spaces. The only nuisance they 
pose for me is it may make tab completion cumbersome sometimes.

PS.: I find underscores ugly. :D

> Generally speaking space characters are a poor choice for randomness.  I 
> recall seeing some documentary about the Enigma machine used by the German 
> military during the 2nd WW.  To minimise attempts to brute force the 
> ciphertext, they started by identifying which letter(s) were most frequently 
> used in the German language - e.g. the letter "e", then the second most 
> frequent letter and so on.  This statistical analysis approach in combination 
> with likely message content reduced the number of guesses.

Here you speak of the payload, not the passphrase, which is the encryption 
key. The key was rotated after each character and the initial key setting (the 
tumbler position) was distributed in secret code books.

> In principle, a repeated space character in your passphrase could help 
> reduce the computational burden of an offline brute force attack, by e.g. 
> helping an attacker to identify the number of individual words in a 
> passphrase.

Due to the rotation, the Enigma encoded each subsequent letter differently, 
even if the same one repeated, which was (one of) the big strengths of the 
Enigma cipher. The flaws were elsewhere, for example that a character could 
never be encrypted onto itself due to the internal wiring and certain 
message parts were always the same, like message headers and greetings.

For LUKS, having spaces in your passphrase (or their frequency) has no 
influence on the ciphertext, since the passphrase itself is not used for 
encryption. The passphrase only unlocks the actual key, which is then used 
for encryption. It comes down to whether the passphrase can easily be 
guessed by dictionary attacks. So if you write normal sentences with 
correctly written words, they might be easy to crack. I don't expect it 
makes a big difference to the brute force software whether you use spaces or 
not.

-- 
Grüße | Greetings | Salut | Qapla'
Please do not share anything from, with or about me on any social network.

Suicide is the most honest form of self-criticism.
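
Added example, not part of the original message and not cryptsetup's code: a simplified model of the key-slot idea described above, where the passphrase only unwraps a random master key. The function names, the PBKDF2 parameters and the XOR wrapping are assumptions for illustration; the real LUKS on-disk format uses a proper cipher and differs in detail.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed demo value, far lower than a real header uses

def _kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=32)

def new_volume():
    """Create a random master key and a header holding only a salted digest of it."""
    master_key = os.urandom(32)
    salt = os.urandom(16)
    header = {"mk_salt": salt, "mk_digest": _kdf(master_key, salt), "slots": []}
    return master_key, header

def add_slot(header: dict, master_key: bytes, passphrase: str) -> None:
    """Wrap the master key under a key derived from the passphrase bytes."""
    salt = os.urandom(16)
    kek = _kdf(passphrase.encode("utf-8"), salt)  # spaces are ordinary bytes here
    # XOR is a stand-in for the real cipher (assumption for this model).
    wrapped = bytes(a ^ b for a, b in zip(master_key, kek))
    header["slots"].append({"salt": salt, "wrapped": wrapped})

def unlock(header: dict, passphrase: str):
    """Try each slot; return the master key, or None if no slot matches."""
    for slot in header["slots"]:
        kek = _kdf(passphrase.encode("utf-8"), slot["salt"])
        candidate = bytes(a ^ b for a, b in zip(slot["wrapped"], kek))
        digest = _kdf(candidate, header["mk_salt"])
        if hmac.compare_digest(digest, header["mk_digest"]):
            return candidate
    return None

if __name__ == "__main__":
    mk, hdr = new_volume()
    add_slot(hdr, mk, "This is a stupid pass phrase.")  # phrase quoted in the thread
    add_slot(hdr, mk, "second-slot-passphrase")         # constructed sample
    print(unlock(hdr, "This is a stupid pass phrase.") == mk)
    print(unlock(hdr, "second-slot-passphrase") == mk)
    print(unlock(hdr, "Thisisastupidpassphrase.") is None)
```

The data would be encrypted with the master key, so the passphrase's characters never reach the cipher that protects the payload; only its guessability matters.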
