Collaborate Disseminate
I recently investigated best-practices in regards to passwords, and the overwhelming majority of sources recommended using a password manager. This is great advice, but not usable in every situation. Certain situations, such … Continue reading Is Diceware more secure than a long passphrase?
Assume that we want to encrypt a file with gnupg using AES-256 as the encryption algorithm. (Hence, symmetric encryption.)
In this mode, gnupg requires a passphrase from the user. I understand that gnupg then derives from … Continue reading Length of a stretched gnupg passphrase that is comparable in strength to an unstretched string of 256 random bits
Is it secure to hash a password before using it in an application to increase password entropy?
Does this practice increase entropy when a PBKDF is used in the application itself or does the PBKDF itself increase the passwor… Continue reading Hashing password to increase entropy
This question already has an answer here:
Is it safe to use a weak password as long as I have two-factor authentication?
11 answers
In this 2017 video by Computerphile’s Tom Scott, “The Lava Lamps That Help Keep The Internet Secure”, Scott tours Cloud Flare’s facility and checks out their Wall of Entropy. This is essentially a wall of many lava lamps that… Continue reading Can Lava Lamps enhance modern native entropy sourced from hardware and the Linux Kernel?
I have access to genuine random numbers – random.org, for example.
I have a number of processes using /dev/random and my value for /proc/sys/kernel/random/entropy_avail is 143, which is pretty low.
I’d like to have a process that monitor… Continue reading How can I increase /proc/sys/kernel/random/entropy_avail
I have not been able to find any credible source which tried to prove or disprove the randomness of mouse movements.
A Google Scholar search for “mouse movement entropy” gives surprisingly few results: about one page of computer science … Continue reading What research suggests that user’s mouse movements are (not) sufficiently unpredictable for secret key generation?
I read the following piece of code:
dd if=/dev/urandom bs=16 count=1 2>/dev/null | md5sum
Apparently, this code was used as a trick to produce a hex string key from a 128-bit binary pseudo-random value.
Someone here cl… Continue reading Is there a loss of entropy by hashing an N-bit random key to produce an N-bit hash?
Let’s say someone has my encrypted data and he wants to decrypt it. People always talk about how the length of the key (e.g. 256 bits) decides about the entropy of the encryption, which totally makes sense. If the attacker tr… Continue reading Doesn’t the choice of encryption algorithm add entropy by itself?
Math.random() produces a double value (IEEE 754 binary64) in the range [0.0, 1.0). How many digits (or bits) of entropy does the return value of random() contain?
If it simplifies things, I’m okay with assuming the distribut… Continue reading What is the entropy of a call to java.lang.Math.random()?