[pass] Adding support for symmetric encryption

Dashamir Hoxha dashohoxha at gmail.com
Tue Jan 26 16:29:06 CET 2016


On Tue, Jan 26, 2016 at 4:14 PM, Allan Odgaard <lists+pass at simplit.com>
wrote:

> On 26 Jan 2016, at 20:29, Dashamir Hoxha wrote:
>
>> Maybe you are right about this. I have just read somewhere that symmetric
>> encryption is stronger than asymmetric encryption, but maybe it assumes
>> that the keys are of the same size.
>>
>
> Yes, that would be the case. It should be fairly safe to use a 12 byte
> passphrase (96 bit key) with a modern symmetric encryption scheme, but no
> public/private key system will be safe with such short key length.
>
> But as Lenz pointed out, the key length would generally be 4096 bits,
> which is impractical for a symmetric encryption key (since the user has to
> type it out each time).
>
> Furthermore, even with a 12 byte passphrase, it’s user generated, so it’s
> unlikely to be truly random, which decreases the search space (often
> significantly).
>
> So in practice, I think asymmetric encryption is the better/stronger
> choice.
>

I agree, but the passphrase that protects the private key is still a user
generated one.


>
> For the same reason, many servers do not allow password login but require
> key exchange authentication because (user generated) passwords are weak.


Maybe this is a different issue (maybe there are other reasons as well).