Password Guidelines?

Discussion related to AES Crypt, the file encryption software for Windows, Linux, Mac, and Java.
Post Reply
ThatOneGuy
Posts: 2
Joined: Sun Mar 03, 2019 9:36 pm

Password Guidelines?

Post by ThatOneGuy »

I've been looking through documentation and such and I can't find anywhere if there is a limit on the password? 32 characters? 64? With my password generator program I could easily throw a 250 character password at AES Crypt. Would this conceivably increase encryption time? Is there a point where a longer password simply has diminishing returns? Looking for guidelines here, I have a crapton of data to encrypt and want it secure before I put it on a cloud service.
User avatar
paulej
Posts: 595
Joined: Sun Aug 23, 2009 7:32 pm
Location: Research Triangle Park, NC, USA
Contact:

Re: Password Guidelines?

Post by paulej »

The maximum password length is 1024 characters, and that was just an arbitrary limit I picked. The password length won't make encryption take more or less time. It might take the key derivation routine a little longer, but it would be so fast you wouldn't see a difference.

Passwords are munged into a 256-bit value that is used as the encryption key. That's the strongest key supported by AES. To maximize password strength, you'd only need 43 random characters from the set of upper case, lower case, and numbers (62 distinct characters). See: https://www.wolframalpha.com/input/?i=log2(62)*43. You can see the bit strength is just over 256.

When encrypting data for cloud storage, I tend to use longer passwords, though. The reason is that the software I use to generate random passwords might not be as ideal as it should be. So rather than lose key strength due to lower entropy in my password generator, I just create longer passwords. I go overboard, though, sometimes using randomly generated passwords that are 384 characters long. That's definitely beyond diminishing returns, but it doesn't hurt, either.

I hope that helps.
ThatOneGuy
Posts: 2
Joined: Sun Mar 03, 2019 9:36 pm

Re: Password Guidelines?

Post by ThatOneGuy »

Thanks!
Post Reply