[pass] Adding support for symmetric encryption

Allan Odgaard lists+pass at simplit.com
Tue Jan 26 16:14:46 CET 2016


On 26 Jan 2016, at 20:29, Dashamir Hoxha wrote:

> Maybe you are right about this. I have just read somewhere that
> symmetric encryption is stronger than asymmetric encryption, but maybe
> it assumes that the keys are of the same size.

Yes, that would be the case. It should be fairly safe to use a 12 byte 
passphrase (96 bit key) with a modern symmetric encryption scheme, but 
no public/private key system will be safe with such a short key length.

But as Lenz pointed out, the key length would generally be 4096 bits, 
which is impractical for a symmetric encryption key (since the user has 
to type it out each time).

Furthermore, even with a 12 byte passphrase, it’s user generated, so 
it’s unlikely to be truly random, which decreases the search space 
(often significantly).

So in practice, I think asymmetric encryption is the better/stronger 
choice.

For the same reason, many servers do not allow password login but 
require key exchange authentication because (user generated) passwords 
are weak.
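
An added example, not part of the original message: a best-case estimate of how many bits a typed 12-character passphrase can carry, compared with the 96 bits of 12 random bytes discussed above. The character classes, function names and sample passphrases are constructed for illustration; real user-chosen passphrases fall below this upper bound because the characters are not chosen uniformly.

```python
import math
import string

# Character classes a typed passphrase can draw from (printable ASCII).
CLASSES = [
    string.ascii_lowercase,      # 26 symbols
    string.ascii_uppercase,      # 26 symbols
    string.digits,               # 10 symbols
    string.punctuation + " ",    # 33 symbols
]
TARGET_BITS = 96  # 12 uniformly random bytes

def alphabet_size(passphrase):
    """Total size of the character classes the passphrase draws from."""
    size = sum(len(cls) for cls in CLASSES
               if any(ch in cls for ch in passphrase))
    # Anything outside printable ASCII: assume a full byte alphabet.
    if any(all(ch not in cls for cls in CLASSES) for ch in passphrase):
        size = 256
    return size

def upper_bound_bits(passphrase):
    """Best case: every character uniform and independent."""
    if not passphrase:
        return 0.0
    return len(passphrase) * math.log2(alphabet_size(passphrase))

def shortfall_bits(passphrase, target_bits=TARGET_BITS):
    """Bits by which the search space falls short of the target."""
    return max(0.0, target_bits - upper_bound_bits(passphrase))

if __name__ == "__main__":
    # Constructed sample passphrases, all 12 characters long.
    for sample in ["correcthorse", "password1234", "Tr0ub4dor&3x"]:
        bits = upper_bound_bits(sample)
        print(f"{sample!r}: alphabet {alphabet_size(sample):3d}, "
              f"at most {bits:5.1f} bits, "
              f"{shortfall_bits(sample):4.1f} bits short of {TARGET_BITS}")
```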

