Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

In the case of password storage, consider the following: I have an idea that one

ID: 650201 • Letter: I

Question

In the case of password storage, consider the following:

I have an idea that one can exhaust the entropy of input to the MD5 function by using a 128 bit random value as the password (indeed, any hash function, using the output length as input). Is this a correct assumption, or is the entropy exhausted at 123.4 bit, this being the best attack to date? Or does this only apply to hash functions that for every value in the interval [0,2L] provide another unique value in the same interval?

I hope you understand what I'm trying to ask here - I see that I have a hard time explaining it clearly. What I want to do with this idea is argue that in the case of MD5 stored passwords, there is no reason to use passwords with a higher entropy than the hash itself.

Explanation / Answer

Entropy is not gas -- you do not "consume" it.

In the case of hashing passwords, entropy is a measure of what the password could have been. A password with "n bits of entropy" is a password such that breaking it by dictionary attack (trying potential passwords until the right one is found) has average cost 2n-1.

It is useless to have a password entropy much beyond the output length of the employed hash function, because if you hash to k bits, then trying random passwords will succeed with probability 2-k, hence average cost 2k. Thus, no need to go beyond k+1 bits or entropy for the password.

It is also useless to have a password entropy beyond the point where dictionary attacks are ludicrously expensive, regardless of the hash function output size. With today's technology, an 80-bit password entropy is already enough to defeat such endeavours. Actually, if the password hashing is done properly (with a slow password processing function, like bcrypt), then lower entropies are already fine (that's the point of slow hashing: to make low password entropy more tolerable).

Related Questions

In the case below, the original source material is given along with a sample of
Question #125991
In the case below, the original source material is given along with a sample of
Question #126967
In the case below, the original source material is given along with a sample of
Question #236587
In the case below, the original source material is given along with a sample of
Question #381403
In the case below, the original source material is given along with a sample of
Question #1209292
In the case below, the original source material is given along with a sample of
Question #1209293
In the case below, the original source material is given along with a sample of
Question #1621490
In the case below, the original source material is given along with a sample of
Question #1623596
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
In the case of incomplete dominance, if two heterozygotes are crossed (Aa Aa) ra
Next
In the case of public goods (and services), it is impossible to divide the produ

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.