0 votes
by (180 points)

We need to determine a key (password) length for the XTS Stream. We are using synchronous encryption, so we are using a password for encryption. What is the ideal length for the password, so it matches the underlying encryption technique?

1 Answer

0 votes
by (147k points)

We do not use the password in its original form. Instead, we pass it along with a randomly-generated salt value (which is stored as the first 40 bytes of an encrypted file) to the PBKDF2 key derivation algorithm and then we derive the actual key from it. This means that any password length that is not too short is perfectly suitable. On the other hand, passwords that are too long are fine too, although not really necessary.
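As an added example (this is not code from the original answer or from the product being discussed), the following Python sketches the derivation the answer describes: a random 40-byte salt is written at the head of the file, then PBKDF2 is run over the password and that salt to produce a fixed-length key, so the password's own length never reaches the cipher. The PRF (HMAC-SHA-256), the iteration count, the 64-byte output (two 256-bit halves, as AES-256-XTS would need), and the minimum password length are assumptions of this example; the page states none of them. The XTS encryption itself is left out; the body bytes stand in for ciphertext so that the layout and key derivation can be exercised on their own.

```python
import hashlib
import os

SALT_LEN = 40          # the answer: salt is stored as the first 40 bytes of the file
KEY_LEN = 64           # assumption: AES-256-XTS uses two 256-bit keys, i.e. 64 bytes total
ITERATIONS = 200_000   # assumption: the product's PBKDF2 iteration count is not given
PRF = "sha256"         # assumption: the PBKDF2 PRF is not given on the page
MIN_PASSWORD_LEN = 8   # assumption: a hypothetical "not too short" threshold


def derive_key(password: str, salt: bytes,
               key_len: int = KEY_LEN, iterations: int = ITERATIONS) -> bytes:
    """Derive a fixed-length key from a password of any length with PBKDF2-HMAC.

    The output length depends only on key_len, never on the password length,
    which is the point the answer makes.
    """
    if len(password) < MIN_PASSWORD_LEN:
        raise ValueError(f"password must be at least {MIN_PASSWORD_LEN} characters")
    if len(salt) != SALT_LEN:
        raise ValueError(f"salt must be {SALT_LEN} bytes, got {len(salt)}")
    return hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, iterations, dklen=key_len)


def wrap_file(password: str, body: bytes) -> tuple[bytes, bytes]:
    """Build the on-disk layout the answer describes: salt first, then the encrypted body.

    Returns (key, blob). A fresh random salt is drawn for every file, so the
    same password yields a different key for each file.
    """
    salt = os.urandom(SALT_LEN)
    key = derive_key(password, salt)
    return key, salt + body


def unwrap_file(password: str, blob: bytes) -> tuple[bytes, bytes]:
    """Read the salt back from the first 40 bytes and re-derive the same key."""
    if len(blob) < SALT_LEN:
        raise ValueError("blob is shorter than the salt header")
    salt, body = blob[:SALT_LEN], blob[SALT_LEN:]
    return derive_key(password, salt), body


def key_lengths(passwords, salt: bytes) -> list:
    """Key length for each password: constant regardless of how long the password is."""
    return [len(derive_key(p, salt)) for p in passwords]


if __name__ == "__main__":
    # Constructed inputs: a short and a very long password against one salt.
    demo_salt = bytes(range(SALT_LEN))
    print(key_lengths(["correct horse", "x" * 500], demo_salt))
    key, blob = wrap_file("correct horse", b"stand-in for XTS ciphertext")
    key2, body = unwrap_file("correct horse", blob)
    print(key == key2, body)
```

Two properties worth checking on any implementation of this layout: the key re-derived from the stored salt must match the key used at write time, and two files written with the same password must not share a key, because each carries its own salt.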

...