[pass] Adding support for symmetric encryption
Allan Odgaard
lists+pass at simplit.com
Tue Jan 26 16:14:46 CET 2016
On 26 Jan 2016, at 20:29, Dashamir Hoxha wrote:
> Maybe you are right about this. I have just read somewhere that
> symmetric encryption is stronger than asymmetric encryption, but
> maybe it assumes that the keys are of the same size.

Yes, that would be the case. It should be fairly safe to use a 12 byte
passphrase (96 bit key) with a modern symmetric encryption scheme, but
no public/private key system will be safe with such a short key length.

But as Lenz pointed out, the key length would generally be 4096 bits,
which is impractical for a symmetric encryption key (since the user has
to type it out each time).

Furthermore, even with a 12 byte passphrase, it’s user generated, so
it’s unlikely to be truly random, which decreases the search space
(often significantly).

So in practice, I think asymmetric encryption is the better/stronger
choice.

For the same reason, many servers do not allow password login but
require key exchange authentication because (user generated) passwords
are weak.