What length password equals 256bits of entropy
Solution 1
If the password is truly random (aka non-memorizable), then with the characters described, you are getting about 6 bits of randomness per 8-bit byte of password. Therefore, you need about (256 / 6) = 43 characters in the password to contain about 256 bits of randomness. If the password is memorable, you need many more characters to attain the 256 bits of randomness. Running English text has less than 4 bits of randomness per byte.
You might do better to take a long pass-phrase and generate a 256-bit hash of that (SHA-256, perhaps). Your pass-phrase might be a miniature essay - maybe 80-128 characters long; more would not hurt.
Solution 2
If you're using only letters and numbers, then you've got a total of 26 × 2 + 10 = 62 possible values per character. That's close to 64, so you have just under 6 bits of entropy per character.
If you want 256 bits, then you need about 43 characters from your character set.
Solution 3
Further reading: http://en.wikipedia.org/wiki/Password_strength
Related videos on Youtube
danabba222
Updated on March 07, 2020Comments
-
danabba222 about 4 years
I'm using encryption on my entire HDD (aes 256) and i'm wondering what length password i would need so that the password also is 256 bits. As we all know the password is usually the weak link with encryption so i think this is good thing to know. The password will be made up of letters (capital and small) numbers and punctuation and be random. Thanks.
-
Jonathan Leffler about 13 yearsIt is related to the design of a program, and security.stackexchange.com might be an alternative venue, but this seems fine to me. There are plenty of related questions on SO.
-
Greg Hewgill about 13 yearsAh, I read the question as "I'm using [a program that provides] encryption" instead of "I'm writing an encryption program"
-
-
Lyokolux almost 3 yearsThis is more a comment than a complete answer