About the passphrase related vulnerability of symmetric encryption

There are tools like gpg or ccrypt that use the AES algorithm to symmetrically encrypt a file, which I've read it is quite safe, and uses 128/256 bit keys. Now, maybe I'm missing or not understanding something, but these tools generate that key based on the passphrase that you type.

So then isn't the encrypted data as vulnerable as your passphrase is ? Meaning, if you use a weak passphrase, wouldn't that be vulnerable to brute-force attack ?

I mean, if you use a let's say 6 characters passphrase, the amount of tries to match the passphrase would be much much less then to guess a 128 bit key.

If true, what's the common way of doing things ? Just use a long hard to guess passphrase ?

StefanH

Posted 2014-11-30T22:08:24.390

Reputation: 111

Answers

Yes, of course. You are right. Every system which is dependant only on a password as input will be strong as the password is. There are multiple possibilities how to make the encryption stronger:

Certainly use a good quality password. The strength depends on multiple factors like: how much worth are your data, how much would a possible attacker invest into the cracking, how long the data should stay unbreakable into the future etc.
Use only software which derives the encryption key using a proven function which consumes considerable amount of computation time like PBKDF2. This makes the dictionary and brute-force password breaking much harder.
If possible use an additional factor besides the password - like a password protected physical security storage of a cryptographic key. These devices are known as Smart Cards or USB security tokens.
If the solution from the previous point is not possible and the encrypted data are stored in a very accessible environment (like a public web server) you can improve the security by storing the encryption key to a file - of course encrypted by your password (respecting the first two points). The file with the encryption key would be stored in a safer location like your personal directories on your computer.

pabouk

Posted 2014-11-30T22:08:24.390

Reputation: 5 358

In a word, yes - whenever you use symmetric encryption, it's only as strong as the passphrase you choose, so you need to choose one that is long and difficult to brute force. There's no definitive guideline on exactly how long it needs to be but 20-30 characters is what you should be aiming at if you're looking for maximum security.

tlng05

Posted 2014-11-30T22:08:24.390

Reputation: 699