20 characters will already give you more than 128 bits of strength which is more than sufficient (encryption in WinRAR is AES-128 anyway). I'd also like to note that 64-char random password is an overkill. Using those figures you can actually estimate what length of a random password is sufficient for your purposes (e.g. For WinRAR that figure is much lower and will likely be below 50'000 passwords/sec per GPU. If you need some numbers, you can assume one modern GPU can deliver about one million passwords per second. For WinZIP actual speed will depend on ZIP file format older formats used weak encryption and weak key derivation later formats are much better in that respect. In particular, WinRAR uses scheme where number of effective SHA-1 iterations depends on length of the password (longer passwords yield more iterations), and WinZIP uses PBKDF2-based function, IIRC. Modern versions of WinZIP and WinRAR employ fairly slow key derivation in order to combat password guessing attacks.
0 kommentar(er)
