Higher encryption, means less strong password required?

Tree Lover

2/9/24, 12:49 PM

Does higher encryption mean that my password could be shorter? If the time to decrypt is longer, then the chance to bruteforce gets lower too, right?

I've created a KeePass database, and at the creation you get to choose the decryption time (to 100 ms to 5 seconds). I was wondering if this implies a more secure way to use a short password, since the time to decrypt trying with each password would be higher.

Does bruteforce work like this, or other way?

1 + 1

passwords

samuel-lucas6

2/9/24, 1:48 PM

'Higher encryption' is a bit misleading as you seem to be talking about password-based key derivation delay. As for the answer, technically yes it makes it 'safer' to use a shorter password, but it's not a good reason to. If you use a weak/common password, it will still be brute forceable. Why would you want to deliberately worsen your security, especially if it's one of the only passwords to remember? I suggest using a 6+ word Diceware passphrase instead. That's memorable and offers reasonable security.

Score:1

Crypto

Meir Maor

2/9/24, 2:19 PM

Yes, up to a point. When your password is used for encryption/decryption, it first goes through a key derivation phase, to convert your password into a key suitable for encryption (e.g an AES key). The key derivation function is tuneable, it is designed to be deliberately slow to compute. And you can choose how slow. We should assume the attacker is more efficient than we are and uses better/more suitable hardware to break the KDF, so brute force time will be much less than your decryption time*number of possible passwords. Yet we still expect a strong linear relationship between the two.

However, a high entopy password is still desired, various improvements in cryptanalisis can speed up the KDF, so if I had to chose purely on security (disregarding time for honest decryption, or cost of saving the secret) between twice the password space or twice the rounds of a KDF, I would choose twice the password space any day of the week.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Higher encryption, means less strong password required?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.