# ShortKeyLengths

te (asymetric) key must be very long to be secure 1. Let's store private keys on GnuForge encrypted with a symmetric cipher. This encrypted private key could then be loaded into a java app running on the client computer and used by entering in the (much shorter) symmetric key.

What is the minimal key length that should be required? Take into account the the number of characters that would be used to write it on a piece of paper as well as the time it would take to brute force.

85 character choices allows a 64-bit key in 10 characters. 2

1 A Discussion of the Importance of Key Length in Symmetric and Asymmetric Crypotography, Lorraine C. Williams, 11 January 2001

2 How many bits can we get per character?

- Upper case letters (+26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
- Lower case letters (+26): abcdefghijklmnopqrstuvwxyz
- Numbers (+10): 1234567890

'* Punctuation and some special characters (+32): `~!@#$%^&*()-_+=[]{};':"|<>,./?

- Subtract characters which may get confused with one another (-6): `1l|O0

Total is 26+26+10+32-6 ` 88 choices. This is log2(88) `

6.4594316 bits per character. A 64-bit key would be (64 / 6.4594316 ` 9.9079925) 10 characters long. What is the minimum number of character choices we need to require a 10 character key length? 85 since log2(85) `

6.4093909 bits.

Last edit: Fri, 14 Jul 2006 13:44:36 -0700 (WikiWord) Revisions: 3