Creating OSX passwords

Discussion in 'macOS' started by bigwig, Dec 12, 2005.

  1. bigwig macrumors 6502a

    Joined:
    Sep 15, 2005
    #1
    Is there an optimum length for the passphrase given to encrypt a disk image (128-bit AES) on a Mac? How about the password used to unlock a keychain (what encryption algorithm does Apple's keychain use, anyway)? How about a program like Password Keeper (448-bit Blowfish)?
     
  2. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #2
    For practical purposes, passwords are passwords and should be long and not entirely alphanumeric regardless of use. In almost any modern security scheme that involves a password, the password is the weak link and the security isn't affected much by which algorithm is in use.

    These days I would recommend at least 10 characters if the password is mixed up good with numbers and special characters. Use 16 characters or more for long term security.

    If the password/passphrase is just standard English, you need at least 30 characters for decent security.
     
  3. bigwig thread starter macrumors 6502a

    Joined:
    Sep 15, 2005
    #3
    Why do you need a password longer than the key length? Apple uses 128-bit AES, only 16 8-bit characters.
     
  4. gekko513 macrumors 603

    gekko513

    Joined:
    Oct 16, 2003
    #4
    Because plain English only has about 1.5 bits of entropy per character. If your password is plain English, a password cracking program doesn't have to go through all possible combinations of characters, but can rely on wordlists and statistics on the English language to make guesses.

    To get full 128 bit security using just plain English you'll actually require 128 / 1.5 characters. That's 86 characters.

    The password is typically fed through a hash function before it is used as an encryption key. The hash function will mix the bits of the input and produce an 128 bit-output (if that's what you require for the key) no matter how many bits you put in.
     

Share This Page