[dm-crypt] luksFormat Password Entropy

Heinz Diehl htd at fancy-poultry.org
Sat Aug 21 09:30:25 CEST 2010


On 19.08.2010, Arno Wagner wrote: 

> > So if you choose base64, P will always be 64, 
 
> No, actually, the input can restrict P to something smaller.

I don't think you're right. If the input doesn't lead to the use of 
all of the chars available in base64, so does it "choose" from this pool 
anyway. P is the amount of possibly available chars and is unrelated 
to how many different ones out of this pool actually are used. To
bruteforce the password, you'll have to try all the 64 possibilities for
each position (ok, statistically you'll have to try 50% of the whole
headroom).

If you e.g. build a password which uses 5 numbers, P is 10 [0-9].
A password out of 5 capital letters, P = 26 [A-Z]. For each of the
positions ("slots") in the password, there are 10 different possibilities 
related to the first, and 26 to the second password.



More information about the dm-crypt mailing list