Consider a secure modern block cipher like AES/Serpent/Twofish. I hear everyone
Question
Consider a secure modern block cipher like AES/Serpent/Twofish.
I hear everyone say that the complexity is 2^128 for a 128 block cipher. But isn't the weak link the actual hashed and salted password? Any brute force should be targeted at it?
By my rough calculations 2^128 = 84^20, so any proper password composed of all available keyboard characters shorter in length than 20 is a weakness?
The problem seems to only grow with 256 ciphers: 2^256 = 84^40.
So does this mean there is no point using AES256 if you don't plan to have a password 40 characters long or use keyfiles? Could someone please clarify?
Explanation / Answer
Most protocols use a randomly generated key (TLS, for example) that spans the full keyspace of the cipher, so 128-bits in the case of AES-128.
For other uses where the cipher key is directly obtained from a plaintext password a proper key derivation procedure should be used. One standard for this is PBKDF2 which, in simple terms, computes the cipher key by repeated application (tens or hundreds of thousands of iterations) of a hash function to slow down the calculation in order to make brute force attacks impractical.
Imagine a key derivation function that consisted of just two applications of a hash function and compare this to deriving a key from a single hash function application. In this case it is twice as computationally expensive to mount a brute-force attack on the password, and this corresponds to an extra bit of the password key. In this way it is possible to "trade" time for key bits.
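A worked illustration of the answer's trade of time for key bits, added here and not part of the original answer: it computes password entropy over the question's 84-symbol keyboard alphabet, the log2(iterations) of extra work a PBKDF2 work factor adds to each guess, and performs a real PBKDF2-HMAC-SHA256 derivation with Python's standard library. The 600,000 iteration count, the 32-byte (AES-256) key length and the sample password are assumptions.

```python
import hashlib
import math
import os

# Constructed parameters: 84 is the keyboard-character alphabet size from the
# question; 600_000 PBKDF2 iterations is an assumed, present-day work factor.
KEYBOARD_ALPHABET = 84
ITERATIONS = 600_000


def password_entropy_bits(length: int, alphabet: int = KEYBOARD_ALPHABET) -> float:
    """Bits of a uniformly random password of `length` symbols drawn from `alphabet`."""
    return length * math.log2(alphabet)


def kdf_work_bits(iterations: int) -> float:
    """Extra cost per guess imposed by the KDF, expressed in bits: log2(iterations)."""
    return math.log2(iterations)


def effective_bits(length: int, iterations: int = ITERATIONS,
                   alphabet: int = KEYBOARD_ALPHABET) -> float:
    """Brute-force cost of guessing the password through the KDF, in bits."""
    return password_entropy_bits(length, alphabet) + kdf_work_bits(iterations)


def shortest_length_for_bits(target_bits: float, iterations: int = ITERATIONS,
                             alphabet: int = KEYBOARD_ALPHABET) -> int:
    """Smallest password length whose cost through the KDF reaches target_bits."""
    return math.ceil((target_bits - kdf_work_bits(iterations)) / math.log2(alphabet))


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS,
               key_len: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA256 from hashlib; key_len=32 yields an AES-256 key of full size
    regardless of how short the password is (the cost lives in the guessing, not the key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=key_len)


if __name__ == "__main__":
    salt = os.urandom(16)  # per-password random salt, stored next to the ciphertext
    key = derive_key("correct horse battery staple", salt)  # constructed sample password
    print(f"derived key: {len(key)} bytes")
    for n in (8, 12, 17, 20):
        print(f"len {n:2d}: password {password_entropy_bits(n):6.1f} bits, "
              f"with KDF {effective_bits(n):6.1f} bits")
    print("shortest length reaching 128 bits with KDF:", shortest_length_for_bits(128))
    print("shortest length reaching 128 bits, no KDF:", shortest_length_for_bits(128, 1))
```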