People get that long passwords with many different characters are safer. Short password = bad, long password = good.

Humans are good at making analogies, so a lot of us think that long keys are better than short ones. A crypto-system with 1024-bit keys is safer than one with 256-bit keys, right?

YES! Yes, if “everything else is equal”. If you know a little bit of cryptography, you know there’s a lot more to a crypto-system’s security than its key length. Passwords are much weaker than keys: most passwords are probably weaker than a 32-bit random key.
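To make the "weaker than a 32-bit key" point concrete, here is an added example (not part of the original post) that estimates an upper bound on a password's entropy from the character classes it uses, and shows that a key derived from that password is only as strong as the password, no matter how many bits the product advertises. The sample passwords are constructed for illustration.

```python
import math
import string

# Character classes used to estimate the alphabet a password was drawn from.
# This gives an UPPER bound: a human-chosen password is rarely uniform over
# its alphabet, so its real entropy is usually well below this figure.
_CLASSES = [
    set(string.ascii_lowercase),   # 26 symbols
    set(string.ascii_uppercase),   # 26 symbols
    set(string.digits),            # 10 symbols
    set(string.punctuation),       # 32 symbols
]


def password_entropy_bits(password: str) -> float:
    """Upper-bound entropy in bits: length * log2(alphabet size), where the
    alphabet is the union of the character classes the password uses."""
    alphabet = 0
    for cls in _CLASSES:
        if any(ch in cls for ch in password):
            alphabet += len(cls)
    # Any character outside the four classes (e.g. non-ASCII) counts as one
    # extra symbol each, so such passwords are not under-estimated.
    extra = {ch for ch in password if not any(ch in cls for cls in _CLASSES)}
    alphabet += len(extra)
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def effective_key_bits(password: str, nominal_key_bits: int) -> float:
    """Strength of a key derived from `password` and advertised as
    `nominal_key_bits` long. An attacker guesses the password, not the key,
    so the effective strength is the smaller of the two numbers."""
    return min(float(nominal_key_bits), password_entropy_bits(password))


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for pw in ["abc123", "Tr0ub4dor&3"]:
        print(f"{pw!r}: at most {password_entropy_bits(pw):.1f} bits; "
              f"with an advertised 1024-bit key the effective strength is "
              f"{effective_key_bits(pw, 1024):.1f} bits")
```

A six-character alphanumeric password comes out below 32 bits even under this generous bound, so the "1024-bit" key derived from it buys nothing beyond those bits.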

Marketers use our (correct) assumption that more bits in the key add a lot of security to sell us insecure products with very long keys. Something true makes us believe something wrong. 10 years ago I believed that long keys significantly improved security. I should be more wary of all those areas I don’t know much about. To make an analogy with cryptography: my lack of knowledge will make me believe wrong things :)