[pass] Adding support for symmetric encryption
Allan Odgaard
lists+pass at simplit.com
Tue Jan 26 17:52:25 CET 2016
On 26 Jan 2016, at 23:03, Matthieu Weber wrote:
> On Tue 26.01.2016 at 10:14:46PM +0700, Allan Odgaard wrote:
>> Furthermore, even with a 12 byte passphrase, it is user generated,
>> so it is unlikely to be truly random, which decreases the search
>> space (often significantly).
>
> http://world.std.com/~reinhold/diceware.html solves that problem.
This is basically suggesting 25-30 throws of the dice for a truly random
password, resulting in 65-77 bit keys: log2((6^5)^5)
The “dicelist” is there to make it possible for people to remember a
65-77 bit random number, but good luck convincing people to use this
scheme and also to have them generate a new passphrase for each new
application.
>> So in practice, I think asymmetric encryption is the better/stronger
>> choice.
>
> You only displace the problem, by having to protect your private key
> with a passphrase.
Which is still better, since an attacker will need to steal your key
before they can brute-force your passphrase, and if you are worried
about this, you can move the key to a physical token, so now this
physical token needs to be stolen for someone to decrypt your files, and
this physical token can have its own security requiring specialized
tools in order to break it.
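Added example (not part of the thread, and not pass's own code): the entropy
arithmetic behind the "25-30 throws ... 65-77 bit" figure, plus a generator
that produces the five-digit Diceware lookup keys from a cryptographically
secure source. The real 7776-entry word list is not embedded; the keys are
what you would look up in it. The "12 byte passphrase" comparison assumes a
uniform choice over an alphabet of the given size, which is the best case for
a user-picked password.

```python
import math
import secrets

DICE_PER_WORD = 5            # a Diceware word is indexed by 5 dice rolls (11111..66666)
WORDS_PER_LIST = 6 ** DICE_PER_WORD  # 7776 entries in the standard list


def diceware_bits(n_words: int, dice_per_word: int = DICE_PER_WORD) -> float:
    """Entropy of a Diceware passphrase: every roll contributes log2(6) bits,
    so n_words * dice_per_word rolls give log2(6^(n_words*dice_per_word)) bits.
    This is the log2((6^5)^5) figure from the thread generalised to n words."""
    return n_words * dice_per_word * math.log2(6)


def uniform_password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password of `length` symbols chosen uniformly from an
    alphabet of `alphabet_size` symbols. A user-chosen 12 byte passphrase
    drawn from, say, lowercase only has a much smaller search space than one
    drawn from all 95 printable ASCII characters."""
    return length * math.log2(alphabet_size)


def roll_dice(n: int) -> list[int]:
    """n fair dice rolls (1..6) from the OS CSPRNG via the secrets module."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]


def diceware_keys(n_words: int, dice_per_word: int = DICE_PER_WORD) -> list[str]:
    """Generate n_words lookup keys such as '31462', each built from
    dice_per_word independent rolls, exactly as the paper-and-dice
    procedure prescribes."""
    rolls = roll_dice(n_words * dice_per_word)
    return [
        "".join(str(r) for r in rolls[i:i + dice_per_word])
        for i in range(0, len(rolls), dice_per_word)
    ]


def is_valid_key(key: str, dice_per_word: int = DICE_PER_WORD) -> bool:
    """A key is valid if it has exactly dice_per_word digits, each in 1..6."""
    return len(key) == dice_per_word and all(c in "123456" for c in key)


if __name__ == "__main__":
    for n in (5, 6):
        print(f"{n} words = {n * DICE_PER_WORD} rolls -> {diceware_bits(n):.1f} bits")
    print(f"12 chars, 95 printable ASCII, uniform -> {uniform_password_bits(12, 95):.1f} bits")
    print(f"12 chars, lowercase only, uniform    -> {uniform_password_bits(12, 26):.1f} bits")
    print("example keys:", diceware_keys(6))
```

The 5-word and 6-word cases reproduce the thread's 65-77 bit range (64.6 and
77.5 bits); the uniform 12-character cases show that even a best-case
user-chosen password only matches that range if it really uses the full
printable alphabet, which is the point Allan makes about user-generated
passphrases.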