| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 Apr 2003 23:30:31 -0400 From: "Derek" <derekm@...ers.com> To: <bugtraq@...urityfocus.com> Subject: Re: Cracking preshared keys > Mitigation of this risk is to use, as long as practical, strong > pre-shared keys, and to change them frequently. In Cisco IOS software, > the PSK can be up to 128 characters in length. According to some > estimates, one character carries from 1.3 to up to 4 bits of entropy. > This means that the password can have, at maximum, anywhere from 166 > to 512 bits of entropy. The length of the PSK should be determined > by your security policy. Just an interesting note about the above comment. By generating 93 bytes of "cryptographic calibre" randomness, and then base64 encoding it, you will have a password that has 744 (93*8) bits of entropy, but is 128 bytes long. If a more efficient encoding mechanism is used (one that uses the full valid character set on a cisco, which I don't know personally) a larger key could potentially be generated. If a strong key such as the one described above is used, according to some estimates, this will take a _very_ long time to brute force. Cheers, Derek
Powered by blists - more mailing lists