So you should choose a combination of rarely used words, words from a foreign language, or made-up words. The length of a password is often limited by the software (and in addition, for example for AES256, a password length higher than 32 without transformation would provide no additional security). If the password were not composed of randomly chosen characters, then it would have to be even longer to provide the same amount of security. Theoretically, a password should have a length of at least 20 characters in order not to be less secure than the encryption method itself (usually 112-bit or 128-bit keys for commonly used symmetric encryption methods). The weak spot for both attacks is the password chosen by the user. But if the password is badly chosen, there is a chance with a dictionary attack, a special case of the brute-force attack. Modern encryption methods are technically so advanced that they have no known easy weaknesses and that brute-force attacks (a systematic approach that tries out all possible key combinations) would last much too long.
0 kommentar(er)
