Where to learn some basic crypto - from a simple user's perspective?
Hi there!
If I recall correctly, Bruce Schneier wrote that it is impossible to break a password with a 256 bit entropy within the physical laws of the known universe, even with quantum computers. Sorry, I can't find the link on his blog to this post. 256 bit entropy is the key number here, so far I understand. Such passwords aren't so complicated, either, just 43 characters long using lower and upper case letters and numbers (62 different characters): 256/log2(62).
Now where it gets tricky is, I heard about fast hashes and slow hashes. Assume it's a fast hash and you cannot break a 256 bit entropy password within the known universe, right? So, if I use a known, slow password, the entropy can be lower, right? For example? 256 bit is enough for even the fastest hashes, such as...? Use case: it may be a PITA to manually enter longer passwords. I know, I know: we are on the 1Password forum, but still: there are use cases where you are supposed to enter your password manually. Lest not forget your master password which you are supposed to keep in your head.
This post by you I also do not understand at all, this is too technical of my level: https://blog.agilebits.com/2013/03/09/guess-why-were-moving-to-256-bit-aes-keys/
It would be cool to have a short, beginners crypto 101 course which simple people can understand, for personal interest. Thanks!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
@safe: As you can imagine, it's something that's rather difficult, and quite an undertaking — probably better suited to a book. The problem with cryptography, is that to really be honest about it requires not taking shortcuts: it's all math, and it isn't possible to break it down too much without sacrificing accuracy. You can use an easily-understood metaphor, but these can often be misleading.
Another part of the barrier to understanding cryptography is that there's a long, rich history there. Much of what we take for granted today is not immediately obvious, which is why it took decades of research to get to this point. So understanding how far we've come plays a big role in understanding where cryptography is today.
That said, we've taken another crack at it with the beta release of 1Password for Teams. And while it can get rather technical, the team (yes, the 1Password for Teams security team — ha!) has put a lot of effort into including examples and illustrations to help explain the key concepts:
1Password for Teams white paper
I'd love to hear what you think! :)
0 -
You are right. Let's start with some history, I agree. Hence, I acquired this handy resource from a friendly publisher and best selling author of geek entertainment: http://www.amazon.com/PGP-GPG-Email-Practical-Paranoid/dp/1593270712
Might be for the interest for @Megan as well.After this, I'll definitely check out your team's PDF, thanks you!
0 -
@brenty quick tip for you: You may want to advertise your White Paper better, not only make it available for download in an obscured forum, but have it it's own like like "download (the latest version of, whenever you feel like updating it, ever) our White Paper here"
Thanks.
0 -
[Off] Ps. Maybe it's not that bad of a forum engine after all (if you can enable users to delete duplicates). May I ask its name, which forum engine do you use?
0 -
@safe - AgileBits uses Vanilla for their forum. And you can edit posts for an hour after they are submitted, but not after that. I think this is intended as protection against spammers, who might post something relevant to the forum, but then later come back to edit it into something unacceptable.
0 -
I've removed the duplicate and extraneous posts. :)
0 -
@brenty quick tip for you: You may want to advertise your White Paper better, not only make it available for download in an obscured forum, but have it it's own like like "download (the latest version of, whenever you feel like updating it, ever) our White Paper here" Thanks.
@safe: Agreed! That's why it's been on the front page of the 1Password for Teams website since we launched the beta. ;)
0 -
That page is a long sales page. People don't usually read those.
Srsly: I went to that page, https://teams.1password.com looking hard to a link to your White Paper, but was not able to find it. Is it the problem of the user or just bad design? )
Happy Holidays!
0 -
You can find it toward the bottom, under the section about security, privacy, and transparency. Nobody told me about the white paper link there originally. I'd been under the impression that it wasn't up yet, but I found it on that page myself my first visit.
Now, I will say that it sounds like you're expecting a big link to it in the header or something, but I think you'll appreciate that you and I aren't the primary audience for the 1Password for Teams site; most people just aren't interested in reading something like that. So with that in mind, I think it's rather well designed.
And thank you! I hope you're enjoying your holidays as well. The New Year is almost here too! :scream:
0
