blob: 7ebbac704865cfeb6804caaa8385713b561929e9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
I recommend between 64 and 128 bits of entropy. Depending on the character set, this translates to the password lengths below, when the passwords are randomly generated (using KeePass etc):
Character Set | Password length | Password length
-- | -- | --
(number of different characters) | for >= 64 bits of entropy | for >= 128 bits of entropy
`0-9` (10) | 20 | 39
`a-z0-9` (36) | 13 | 25
`A-Za-z0-9` (62) | 11 | 22
`A-Za-z0-9%$&/...` (95) | 10 | 20
gocryptfs uses *scrypt* password hashing. The [scrypt paper](https://www.tarsnap.com/scrypt/scrypt.pdf) includes this table that estimates the cost for cracking a password in one year:
![scrypt-table1](https://user-images.githubusercontent.com/286847/40873575-2b7c6436-6663-11e8-827c-ee327269d826.png)
So it would cost 43 Billion Dollars to crack a 64-bit password. Adding another alphanumeric character multiplies the cost by 62.
|