When using BitLocker To Go, given that removable drives are inherently offline and may have to resist such attacks, what are the best practices / recommendations for password strength?
1 Answer
In this case, the password takes the role of a symmetric encryption key. So you can use the recommendations for symmetric keys given by various trusted institutions.
For example, if you want to have a password of 128 bits of security, you can generate one of at least 22 alphanumeric characters (a-z, A-Z, 0-9). You can use a password manager for this, to ensure you do not introduce some bias in the generation process. (For the math: 128/log2(26×2+10) = 21.5)
A. Hersean
- When wanting confidence that a potential password / key is sufficiently strong, will a standard password strength / entropy calculator suffice or will a calculator specifically for symmetric keys be needed? – mythofechelon Feb 26 '19 at 09:41
- The entropy of a password once generated is 0 (look up the definition of entropy, log(1)=0). What you can measure is the method to generate passwords. You can also *estimate* the resistance to guessing attacks, but this is unreliable, and unnecessary if you know how the password was generated. – A. Hersean Feb 26 '19 at 10:22
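The length calculation from the answer, together with the comment's point that strength is a property of the generation method, as an added example that is not part of the original answer or comments. The function names are illustrative, and the byte-modulo generator analysed at the end is an assumed example of a biased method, not something the thread describes.

```python
import math
import secrets
import string

ALPHANUMERIC = string.ascii_letters + string.digits  # a-z, A-Z, 0-9: 62 symbols


def required_length(target_bits: int, alphabet_size: int) -> int:
    """Smallest length at which a uniform generator reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(target_bits: int = 128, alphabet: str = ALPHANUMERIC) -> str:
    """Draw every character independently and uniformly from the OS CSPRNG."""
    length = required_length(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(length))


def uniform_bits(length: int, alphabet_size: int) -> float:
    """Entropy of the method: all alphabet_size**length outputs equally likely."""
    return length * math.log2(alphabet_size)


def modulo_biased_min_entropy(length: int, alphabet_size: int) -> float:
    """Min-entropy of the flawed method alphabet[random_byte % alphabet_size].

    When 256 is not a multiple of alphabet_size, the first (256 % alphabet_size)
    symbols occur ceil(256 / alphabet_size) times out of 256, so the most likely
    password is more probable than under uniform generation.
    Assumes alphabet_size <= 256.
    """
    most_likely_symbol = math.ceil(256 / alphabet_size) / 256
    return length * -math.log2(most_likely_symbol)


if __name__ == "__main__":
    n = required_length(128, len(ALPHANUMERIC))
    print("length for 128 bits:", n)
    print("uniform method bits:", round(uniform_bits(n, 62), 2))
    print("byte % 62 min-entropy:", round(modulo_biased_min_entropy(n, 62), 2))
    print("sample (do not reuse):", generate_password())
```

With 22 characters the uniform method yields about 131 bits, while the byte-modulo method falls to roughly 124.9 bits of min-entropy, below the 128-bit target.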