What would be the key size for a picture used as a key?
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I'm working on a cryptosystem that uses colour pictures as keys for encryption. I'm trying to guess what is the key size of my cryptosystem in order to find the feasibility of a brute force attack. My cryptosystem uses RGB pictures of any size M x N.
I haven't found a paper that tries to do the same calculation yet. Any idea on what the key size is?
encryption cryptography brute-force
New contributor
add a comment |Â
up vote
1
down vote
favorite
I'm working on a cryptosystem that uses colour pictures as keys for encryption. I'm trying to guess what is the key size of my cryptosystem in order to find the feasibility of a brute force attack. My cryptosystem uses RGB pictures of any size M x N.
I haven't found a paper that tries to do the same calculation yet. Any idea on what the key size is?
encryption cryptography brute-force
New contributor
3
Why would you want to use a picture as an encryption key?
â Anders
1 hour ago
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I'm working on a cryptosystem that uses colour pictures as keys for encryption. I'm trying to guess what is the key size of my cryptosystem in order to find the feasibility of a brute force attack. My cryptosystem uses RGB pictures of any size M x N.
I haven't found a paper that tries to do the same calculation yet. Any idea on what the key size is?
encryption cryptography brute-force
New contributor
I'm working on a cryptosystem that uses colour pictures as keys for encryption. I'm trying to guess what is the key size of my cryptosystem in order to find the feasibility of a brute force attack. My cryptosystem uses RGB pictures of any size M x N.
I haven't found a paper that tries to do the same calculation yet. Any idea on what the key size is?
encryption cryptography brute-force
encryption cryptography brute-force
New contributor
New contributor
edited 1 hour ago
Anders
46.6k21131154
46.6k21131154
New contributor
asked 2 hours ago
Daniel Esteban Ladino Torres
61
61
New contributor
New contributor
3
Why would you want to use a picture as an encryption key?
â Anders
1 hour ago
add a comment |Â
3
Why would you want to use a picture as an encryption key?
â Anders
1 hour ago
3
3
Why would you want to use a picture as an encryption key?
â Anders
1 hour ago
Why would you want to use a picture as an encryption key?
â Anders
1 hour ago
add a comment |Â
4 Answers
4
active
oldest
votes
up vote
3
down vote
A picture is far too large to use as an encryption key directly, you'll want to run it through a KDF first.
It also depends entirely on the picture whether it will have enough entropy to be useful. You could have a 1000x1000 image that's solid white, but it would be useless as a key as it contains no entropy. Pictures from cameras tend to have a fair amount of entropy in the lower bits, so that could be ok, but your users would need to understand that not just any picture is a good key.
Pictures as keys is in general not a great idea. Pictures are usually taken to be shared, and keys are something you don't want to show to everyone. Using a picture as a key also sounds to me like it could be relying on security through obscurity (i.e. you just use an image from the thousands you have on your computer, but that's effectively very low entropy, probably under 20 bits unless you have an insane number of pictures).
Feel free to continue developing this for the sake of learning, but until you have a much better grasp of cryptography it's better to leave this sort of thing to the experts (see Why shouldn't we roll our own?).
I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
â user2357112
1 min ago
add a comment |Â
up vote
2
down vote
Any cryptosystem should have keys with keysizes at the 128, 192, and 256 bit-of-entropy security levels.
So the question comes back to you: where are these images coming from and how much entropy do they contain? If they are completely random bit streams that are being interpreted as an image, then (ignoring entropy loss from lossy compression codecs), you get log_base2(256x256x256) = 24 bits of entropy per pixel
, so you'd need 6 / 8 / 11 pixels respectively for the 128 / 192 / 256 bit security strengths.
If you're not generating completely random images and instead allowing people to use, like, photos, then I have no idea how you'd even begin estimating the amount of entropy in one of those.
Bottom line: using images as key material seems like a really odd thing to do and conflicts with the common practice that key material be completely random data from a cryptographic-strength RNG.
Also, from the information in your question, I'm not convinced that brute-force is the attack you need to worry about; I'd be more concerned with the "get access to their laptop and try every image on their hard drive" attack.
My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
â Mike Ounsworth
1 hour ago
Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
â Mike Ounsworth
1 hour ago
Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
â Daniel Esteban Ladino Torres
5 mins ago
add a comment |Â
up vote
1
down vote
There are a lot of problems with this approach even before looking at the entropy involved.
Even though there is no background included, there are probably issues below that will trip you up.
- How does the user provide the image to the system in a rigorous way?
- Using a url to retrieve the image requires (secure dns/network/pki and probably cache).
- Does the user need to warrant that the image is the same? (a lot of encoding change can be made in an image before it looks different to the user).
- What if the user has eyesight issues/monochrome monitor?
- What if system has a compromised display subsystem (to grab image or alter image).
- Maybe all you need is a secure hash of the image anyway.
add a comment |Â
up vote
0
down vote
I think for encryption AES is recommended 16, 24 or 32 bytes key length (probably 32 bytes is the best option). However this depends a bit on the library you choose, but you can start by using that lengths in your research and keep us up to date on your research.
add a comment |Â
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
3
down vote
A picture is far too large to use as an encryption key directly, you'll want to run it through a KDF first.
It also depends entirely on the picture whether it will have enough entropy to be useful. You could have a 1000x1000 image that's solid white, but it would be useless as a key as it contains no entropy. Pictures from cameras tend to have a fair amount of entropy in the lower bits, so that could be ok, but your users would need to understand that not just any picture is a good key.
Pictures as keys is in general not a great idea. Pictures are usually taken to be shared, and keys are something you don't want to show to everyone. Using a picture as a key also sounds to me like it could be relying on security through obscurity (i.e. you just use an image from the thousands you have on your computer, but that's effectively very low entropy, probably under 20 bits unless you have an insane number of pictures).
Feel free to continue developing this for the sake of learning, but until you have a much better grasp of cryptography it's better to leave this sort of thing to the experts (see Why shouldn't we roll our own?).
I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
â user2357112
1 min ago
add a comment |Â
up vote
3
down vote
A picture is far too large to use as an encryption key directly, you'll want to run it through a KDF first.
It also depends entirely on the picture whether it will have enough entropy to be useful. You could have a 1000x1000 image that's solid white, but it would be useless as a key as it contains no entropy. Pictures from cameras tend to have a fair amount of entropy in the lower bits, so that could be ok, but your users would need to understand that not just any picture is a good key.
Pictures as keys is in general not a great idea. Pictures are usually taken to be shared, and keys are something you don't want to show to everyone. Using a picture as a key also sounds to me like it could be relying on security through obscurity (i.e. you just use an image from the thousands you have on your computer, but that's effectively very low entropy, probably under 20 bits unless you have an insane number of pictures).
Feel free to continue developing this for the sake of learning, but until you have a much better grasp of cryptography it's better to leave this sort of thing to the experts (see Why shouldn't we roll our own?).
I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
â user2357112
1 min ago
add a comment |Â
up vote
3
down vote
up vote
3
down vote
A picture is far too large to use as an encryption key directly, you'll want to run it through a KDF first.
It also depends entirely on the picture whether it will have enough entropy to be useful. You could have a 1000x1000 image that's solid white, but it would be useless as a key as it contains no entropy. Pictures from cameras tend to have a fair amount of entropy in the lower bits, so that could be ok, but your users would need to understand that not just any picture is a good key.
Pictures as keys is in general not a great idea. Pictures are usually taken to be shared, and keys are something you don't want to show to everyone. Using a picture as a key also sounds to me like it could be relying on security through obscurity (i.e. you just use an image from the thousands you have on your computer, but that's effectively very low entropy, probably under 20 bits unless you have an insane number of pictures).
Feel free to continue developing this for the sake of learning, but until you have a much better grasp of cryptography it's better to leave this sort of thing to the experts (see Why shouldn't we roll our own?).
A picture is far too large to use as an encryption key directly, you'll want to run it through a KDF first.
It also depends entirely on the picture whether it will have enough entropy to be useful. You could have a 1000x1000 image that's solid white, but it would be useless as a key as it contains no entropy. Pictures from cameras tend to have a fair amount of entropy in the lower bits, so that could be ok, but your users would need to understand that not just any picture is a good key.
Pictures as keys is in general not a great idea. Pictures are usually taken to be shared, and keys are something you don't want to show to everyone. Using a picture as a key also sounds to me like it could be relying on security through obscurity (i.e. you just use an image from the thousands you have on your computer, but that's effectively very low entropy, probably under 20 bits unless you have an insane number of pictures).
Feel free to continue developing this for the sake of learning, but until you have a much better grasp of cryptography it's better to leave this sort of thing to the experts (see Why shouldn't we roll our own?).
answered 1 hour ago
AndrolGenhald
8,08941728
8,08941728
I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
â user2357112
1 min ago
add a comment |Â
I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
â user2357112
1 min ago
I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
â Daniel Esteban Ladino Torres
1 hour ago
I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
â user2357112
1 min ago
@DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
â user2357112
1 min ago
add a comment |Â
up vote
2
down vote
Any cryptosystem should have keys with keysizes at the 128, 192, and 256 bit-of-entropy security levels.
So the question comes back to you: where are these images coming from and how much entropy do they contain? If they are completely random bit streams that are being interpreted as an image, then (ignoring entropy loss from lossy compression codecs), you get log_base2(256x256x256) = 24 bits of entropy per pixel
, so you'd need 6 / 8 / 11 pixels respectively for the 128 / 192 / 256 bit security strengths.
If you're not generating completely random images and instead allowing people to use, like, photos, then I have no idea how you'd even begin estimating the amount of entropy in one of those.
Bottom line: using images as key material seems like a really odd thing to do and conflicts with the common practice that key material be completely random data from a cryptographic-strength RNG.
Also, from the information in your question, I'm not convinced that brute-force is the attack you need to worry about; I'd be more concerned with the "get access to their laptop and try every image on their hard drive" attack.
My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
â Mike Ounsworth
1 hour ago
Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
â Mike Ounsworth
1 hour ago
Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
â Daniel Esteban Ladino Torres
5 mins ago
add a comment |Â
up vote
2
down vote
Any cryptosystem should have keys with keysizes at the 128, 192, and 256 bit-of-entropy security levels.
So the question comes back to you: where are these images coming from and how much entropy do they contain? If they are completely random bit streams that are being interpreted as an image, then (ignoring entropy loss from lossy compression codecs), you get log_base2(256x256x256) = 24 bits of entropy per pixel
, so you'd need 6 / 8 / 11 pixels respectively for the 128 / 192 / 256 bit security strengths.
If you're not generating completely random images and instead allowing people to use, like, photos, then I have no idea how you'd even begin estimating the amount of entropy in one of those.
Bottom line: using images as key material seems like a really odd thing to do and conflicts with the common practice that key material be completely random data from a cryptographic-strength RNG.
Also, from the information in your question, I'm not convinced that brute-force is the attack you need to worry about; I'd be more concerned with the "get access to their laptop and try every image on their hard drive" attack.
My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
â Mike Ounsworth
1 hour ago
Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
â Mike Ounsworth
1 hour ago
Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
â Daniel Esteban Ladino Torres
5 mins ago
add a comment |Â
up vote
2
down vote
up vote
2
down vote
Any cryptosystem should have keys with keysizes at the 128, 192, and 256 bit-of-entropy security levels.
So the question comes back to you: where are these images coming from and how much entropy do they contain? If they are completely random bit streams that are being interpreted as an image, then (ignoring entropy loss from lossy compression codecs), you get log_base2(256x256x256) = 24 bits of entropy per pixel
, so you'd need 6 / 8 / 11 pixels respectively for the 128 / 192 / 256 bit security strengths.
If you're not generating completely random images and instead allowing people to use, like, photos, then I have no idea how you'd even begin estimating the amount of entropy in one of those.
Bottom line: using images as key material seems like a really odd thing to do and conflicts with the common practice that key material be completely random data from a cryptographic-strength RNG.
Also, from the information in your question, I'm not convinced that brute-force is the attack you need to worry about; I'd be more concerned with the "get access to their laptop and try every image on their hard drive" attack.
Any cryptosystem should have keys with keysizes at the 128, 192, and 256 bit-of-entropy security levels.
So the question comes back to you: where are these images coming from and how much entropy do they contain? If they are completely random bit streams that are being interpreted as an image, then (ignoring entropy loss from lossy compression codecs), you get log_base2(256x256x256) = 24 bits of entropy per pixel
, so you'd need 6 / 8 / 11 pixels respectively for the 128 / 192 / 256 bit security strengths.
If you're not generating completely random images and instead allowing people to use, like, photos, then I have no idea how you'd even begin estimating the amount of entropy in one of those.
Bottom line: using images as key material seems like a really odd thing to do and conflicts with the common practice that key material be completely random data from a cryptographic-strength RNG.
Also, from the information in your question, I'm not convinced that brute-force is the attack you need to worry about; I'd be more concerned with the "get access to their laptop and try every image on their hard drive" attack.
edited 1 hour ago
answered 1 hour ago
Mike Ounsworth
36.9k1486131
36.9k1486131
My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
â Mike Ounsworth
1 hour ago
Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
â Mike Ounsworth
1 hour ago
Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
â Daniel Esteban Ladino Torres
5 mins ago
add a comment |Â
My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
â Mike Ounsworth
1 hour ago
Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
â Mike Ounsworth
1 hour ago
Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
â Daniel Esteban Ladino Torres
5 mins ago
My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
â Daniel Esteban Ladino Torres
1 hour ago
My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
â Mike Ounsworth
1 hour ago
@DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
â Mike Ounsworth
1 hour ago
Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
â Daniel Esteban Ladino Torres
1 hour ago
Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
â Daniel Esteban Ladino Torres
1 hour ago
@DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
â Mike Ounsworth
1 hour ago
@DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
â Mike Ounsworth
1 hour ago
Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
â Daniel Esteban Ladino Torres
5 mins ago
Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
â Daniel Esteban Ladino Torres
5 mins ago
add a comment |Â
up vote
1
down vote
There are a lot of problems with this approach even before looking at the entropy involved.
Even though there is no background included, there are probably issues below that will trip you up.
- How does the user provide the image to the system in a rigorous way?
- Using a url to retrieve the image requires (secure dns/network/pki and probably cache).
- Does the user need to warrant that the image is the same? (a lot of encoding change can be made in an image before it looks different to the user).
- What if the user has eyesight issues/monochrome monitor?
- What if system has a compromised display subsystem (to grab image or alter image).
- Maybe all you need is a secure hash of the image anyway.
add a comment |Â
up vote
1
down vote
There are a lot of problems with this approach even before looking at the entropy involved.
Even though there is no background included, there are probably issues below that will trip you up.
- How does the user provide the image to the system in a rigorous way?
- Using a url to retrieve the image requires (secure dns/network/pki and probably cache).
- Does the user need to warrant that the image is the same? (a lot of encoding change can be made in an image before it looks different to the user).
- What if the user has eyesight issues/monochrome monitor?
- What if system has a compromised display subsystem (to grab image or alter image).
- Maybe all you need is a secure hash of the image anyway.
add a comment |Â
up vote
1
down vote
up vote
1
down vote
There are a lot of problems with this approach even before looking at the entropy involved.
Even though there is no background included, there are probably issues below that will trip you up.
- How does the user provide the image to the system in a rigorous way?
- Using a url to retrieve the image requires (secure dns/network/pki and probably cache).
- Does the user need to warrant that the image is the same? (a lot of encoding change can be made in an image before it looks different to the user).
- What if the user has eyesight issues/monochrome monitor?
- What if system has a compromised display subsystem (to grab image or alter image).
- Maybe all you need is a secure hash of the image anyway.
There are a lot of problems with this approach even before looking at the entropy involved.
Even though there is no background included, there are probably issues below that will trip you up.
- How does the user provide the image to the system in a rigorous way?
- Using a url to retrieve the image requires (secure dns/network/pki and probably cache).
- Does the user need to warrant that the image is the same? (a lot of encoding change can be made in an image before it looks different to the user).
- What if the user has eyesight issues/monochrome monitor?
- What if system has a compromised display subsystem (to grab image or alter image).
- Maybe all you need is a secure hash of the image anyway.
answered 3 mins ago
Andrew Russell
2,82411428
2,82411428
add a comment |Â
add a comment |Â
up vote
0
down vote
I think for encryption AES is recommended 16, 24 or 32 bytes key length (probably 32 bytes is the best option). However this depends a bit on the library you choose, but you can start by using that lengths in your research and keep us up to date on your research.
add a comment |Â
up vote
0
down vote
I think for encryption AES is recommended 16, 24 or 32 bytes key length (probably 32 bytes is the best option). However this depends a bit on the library you choose, but you can start by using that lengths in your research and keep us up to date on your research.
add a comment |Â
up vote
0
down vote
up vote
0
down vote
I think for encryption AES is recommended 16, 24 or 32 bytes key length (probably 32 bytes is the best option). However this depends a bit on the library you choose, but you can start by using that lengths in your research and keep us up to date on your research.
I think for encryption AES is recommended 16, 24 or 32 bytes key length (probably 32 bytes is the best option). However this depends a bit on the library you choose, but you can start by using that lengths in your research and keep us up to date on your research.
answered 1 hour ago
camp0
53035
53035
add a comment |Â
add a comment |Â
Daniel Esteban Ladino Torres is a new contributor. Be nice, and check out our Code of Conduct.
Daniel Esteban Ladino Torres is a new contributor. Be nice, and check out our Code of Conduct.
Daniel Esteban Ladino Torres is a new contributor. Be nice, and check out our Code of Conduct.
Daniel Esteban Ladino Torres is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197070%2fwhat-would-be-the-key-size-for-a-picture-used-as-a-key%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
3
Why would you want to use a picture as an encryption key?
â Anders
1 hour ago