security - Create a strong password for AES -

-

background: using pbewithsha256and128bitaes-cbc-bc algorithm (bouncy castle) jasypt via grails plugin. configuration straightforward:

jasypt {     algorithm = "pbewithsha256and256bitaes-cbc-bc"     providername = "bc"     password = "<your secret passphrase>"     keyobtentioniterations = 1000 }

i know how choose secure password above. there real or practical limits on length, restricted characters, etc? specific generator should using? couldn't find clear documentation on , examples use above (e.g., "password", "secret" etc.).

password-based encryption takes password, term implies. passwords run through key derivation function obtain actual key. kdf typically constructed hash function, password may of length , contain characters.

passwords have run through kdf because typical passwords don't contain anywhere near enough entropy considered secure against brute force attacks. kdf substitutes lack of "key space" depth computationally expensive key derivation – hence thousands of iterations. disadvantage fact initializing cipher expensive.

this tradeoff worth if passwords required instead of raw keys. however, in case better idea use raw key. unfortunately seems jasypt library using supports pbe.

to contain @ least 256 bits of entropy (as raw random 256-bit key), the password has contain @ least 43 random (case-sensitive) alphanumeric characters. if pick password long, can lower iteration count 1.

it seems pretty odd me have think through though using library supposed able use "without need of having deep knowledge on how cryptography works". why expose ugly details if users aren't supposed know are?


Comments

Post a Comment

Popular posts from this blog

html5 - What is breaking my page when printing? -

-
Image
i have questioner , don't know why when printing it's creating break before first question. live demo (link) i able resolve issue removing fieldset container had wrapped in.. having fieldset element causing of fields grouped together, , since not fit on first page, being pushed second page. removing fieldset element, able firefox print first 2 questions on page 1 identically chrome. it seems not new problem firefox , fieldset not playing nice found old bugzilla ticket 2008 has persisted , still being commented on in 2014 (link) if retaining fieldset important, found solution else came here (link) <script type='text/javascript'> $(window).bind('beforeprint', function(){ $('fieldset').each( function(item) { $(this).replacewith($('<div class="fieldset">' + this.innerhtml + '</div>')); } ) }); $(window).bind(
Read more

html - Unable to style the color of bullets in a list -

-
i'm trying change colour of list points it's not working? <div class="mobile-menu" id="mobile-menu"> <div id="mobile-menu-links"> <h4>general:</h4> <ul class="mobile-menu-links"> <li><a href="">news</a></li> <li><a href="">the boring rules!</a></li> <li><a href="">the rankings</a></li> </ul> .mobile-menu #mobile-menu-links ul{ list-style-type: none; margin:0; padding-left:3%; } .mobile-menu #mobile-menu-links ul li{ padding-bottom:2px; border-bottom:1px solid #bababa; } if add color:red in either of 2 css declarations, doesn't change colour. please note html closed in document, copi
Read more

c# - must be a non-abstract type with a public parameterless constructor in redis -

-
when save object, got below error must non-abstract type public parameterless constructor in order use parameter 't' in generic type or method 'servicestack.redis.redisclient.store<t>(t) redisclass.getinstnace().store(msg); // error here redisclass.getinstnace().save(); as third party's class, can not edit how save object? could create wrapper around third party object call constructor, store wrapper? e.g. public class mywrapper { public thirdpartyobject thirdpartyinstance { get; set; } public mywrapper() { thirdpartyinstance = new thirdpartyobject("constructors"); } }
Read more