Question about encryption key length

bradcathey has asked for the wisdom of the Perl Monks concerning the following question:

Fellow Monasterians,

I've been using Crypt::CBC (Blowfish) for my encryption needs for sometime (passwords, usually). But I have never understood how the length or complexity of my key might affect its effectiveness. I've read that 56 is ideal for Blowfish(?)

my $key = "aaaaaaa" VS $key = "ejfhfFGJye4wb2H0Ola_lafiwo3kw8whks9owk"
[download]

Thanks!

—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot

Comment on Question about encryption key length Download Code

Replies are listed 'Best First'.
Re: Question about encryption key length by turo (Friar) on Dec 14, 2005 at 13:22 UTC
Blowfish has a variable key length between 32 and 448 bits (56 bytes); that is you are using blowfish with its greatest key length value http://www.schneier.com/blowfish.html. But, as cryptographers says key length "size does not matter" :-P (see Bruce Schenier article: http://www.schneier.com/crypto-gram-9910.html#KeyLengthandSecurity) Regards turo `perl -Te 'print map { chr((ord)-((10,20,2,7)[$i++])) } split //,"turo"'`	[reply] [d/l]
Re^2: Question about encryption key length by bradcathey (Prior) on Dec 14, 2005 at 20:54 UTC
Thanks all. Particularly interesting article by Schneier. Anyway, sounds like I'm probably okay. Currently I use Crypt::RandPasswd to generate a different key for each password and then store the key in one database (not table, but db) and the encrypted password in another database. I store a general-use key in a .conf file in my home directory chmodded to 600. Sound okay? —Brad "The important work of moving the world forward does not wait to be done by perfect men." George Eliot	[reply]
Re^3: Question about encryption key length by turo (Friar) on Dec 14, 2005 at 21:37 UTC
I'm not sure to understand ... You have an indexed file for encrypted passwords (ciphered with the keys generated with Crypt::RandPasswd), and other indexed file for storing the keys (encrypted i suppose with the general-use key saved at ~/a.conf) ... are my assumptions okay? And this scheeme is for what? ... for users authentication (it is no better to store a simple HashFunction(user_password,generic_passwd) result? ... It sounds very bizarre ... i think turo `perl -Te 'print map { chr((ord)-((10,20,2,7)[$i++])) } split //,"turo"'`	[reply] [d/l]
Re^4: Question about encryption key length by bradcathey (Prior) on Dec 14, 2005 at 23:33 UTC
Re^5: Question about encryption key length by turo (Friar) on Dec 15, 2005 at 02:23 UTC
Re: Question about encryption key length by derby (Abbot) on Dec 14, 2005 at 13:18 UTC
Key length determines how many different keys you can generate. A keylength of 56 bits means you can have 2^56 keys or 72057594037927936 different keys. Given todays computing power, that's considered a weak keylength. The complexity of the key shouldn't matter ... let me say that again ... shouldn't matter ... because your key needs to change on a periodic (or at least aperiodic) basis. Not changing your key on a regular basis gives your attacker more data to work with, more time to do it in, and exposes more data to potential loss. That being said, a 56 bit key that never changes may be just fine for you. It's better than XOR but nowhere near as good as AES (however, the longer you keep the same key, the more it becomes like XOR). It all depends on the value of what your protecting and what other layers of security you have. Does that answer your question? Probably not. The important thing to remember is key complexity is a red herring because your key should be changing and 56 bit encryption can be good enough if you have other layers of security. -derby	[reply]
Re^2: Question about encryption key length by traveler (Parson) on Dec 14, 2005 at 17:24 UTC
You are thinking 56 bits. 56 is a byte limit for this cipher.	[reply]