What would be the key size for a picture used as a key?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I'm working on a cryptosystem that uses colour pictures as keys for encryption. I'm trying to guess what is the key size of my cryptosystem in order to find the feasibility of a brute force attack. My cryptosystem uses RGB pictures of any size M x N.



The picture is also generated by a chaotic attractor which is sensible to initial values, so each picture generated is different. These pictures are an example:



enter image description here



I haven't found a paper that tries to do the same calculation yet. Any idea on what the key size is?










share|improve this question









New contributor




Daniel Esteban Ladino Torres is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 3




    Why would you want to use a picture as an encryption key?
    – Anders
    1 hour ago














up vote
1
down vote

favorite












I'm working on a cryptosystem that uses colour pictures as keys for encryption. I'm trying to guess what is the key size of my cryptosystem in order to find the feasibility of a brute force attack. My cryptosystem uses RGB pictures of any size M x N.



The picture is also generated by a chaotic attractor which is sensible to initial values, so each picture generated is different. These pictures are an example:



enter image description here



I haven't found a paper that tries to do the same calculation yet. Any idea on what the key size is?










share|improve this question









New contributor




Daniel Esteban Ladino Torres is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.















  • 3




    Why would you want to use a picture as an encryption key?
    – Anders
    1 hour ago












up vote
1
down vote

favorite









up vote
1
down vote

favorite











I'm working on a cryptosystem that uses colour pictures as keys for encryption. I'm trying to guess what is the key size of my cryptosystem in order to find the feasibility of a brute force attack. My cryptosystem uses RGB pictures of any size M x N.



The picture is also generated by a chaotic attractor which is sensible to initial values, so each picture generated is different. These pictures are an example:



enter image description here



I haven't found a paper that tries to do the same calculation yet. Any idea on what the key size is?










share|improve this question









New contributor




Daniel Esteban Ladino Torres is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











I'm working on a cryptosystem that uses colour pictures as keys for encryption. I'm trying to guess what is the key size of my cryptosystem in order to find the feasibility of a brute force attack. My cryptosystem uses RGB pictures of any size M x N.



The picture is also generated by a chaotic attractor which is sensible to initial values, so each picture generated is different. These pictures are an example:



enter image description here



I haven't found a paper that tries to do the same calculation yet. Any idea on what the key size is?







encryption cryptography brute-force






share|improve this question









New contributor




Daniel Esteban Ladino Torres is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




Daniel Esteban Ladino Torres is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 1 min ago





















New contributor




Daniel Esteban Ladino Torres is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 2 hours ago









Daniel Esteban Ladino Torres

61




61




New contributor




Daniel Esteban Ladino Torres is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Daniel Esteban Ladino Torres is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Daniel Esteban Ladino Torres is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.







  • 3




    Why would you want to use a picture as an encryption key?
    – Anders
    1 hour ago












  • 3




    Why would you want to use a picture as an encryption key?
    – Anders
    1 hour ago







3




3




Why would you want to use a picture as an encryption key?
– Anders
1 hour ago




Why would you want to use a picture as an encryption key?
– Anders
1 hour ago










4 Answers
4






active

oldest

votes

















up vote
3
down vote













A picture is far too large to use as an encryption key directly, you'll want to run it through a KDF first.



It also depends entirely on the picture whether it will have enough entropy to be useful. You could have a 1000x1000 image that's solid white, but it would be useless as a key as it contains no entropy. Pictures from cameras tend to have a fair amount of entropy in the lower bits, so that could be ok, but your users would need to understand that not just any picture is a good key.



Pictures as keys is in general not a great idea. Pictures are usually taken to be shared, and keys are something you don't want to show to everyone. Using a picture as a key also sounds to me like it could be relying on security through obscurity (i.e. you just use an image from the thousands you have on your computer, but that's effectively very low entropy, probably under 20 bits unless you have an insane number of pictures).



Feel free to continue developing this for the sake of learning, but until you have a much better grasp of cryptography it's better to leave this sort of thing to the experts (see Why shouldn't we roll our own?).






share|improve this answer




















  • I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
    – Daniel Esteban Ladino Torres
    1 hour ago










  • @DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
    – user2357112
    3 mins ago

















up vote
2
down vote













Any cryptosystem should have keys with keysizes at the 128, 192, and 256 bit-of-entropy security levels.



So the question comes back to you: where are these images coming from and how much entropy do they contain? If they are completely random bit streams that are being interpreted as an image, then (ignoring entropy loss from lossy compression codecs), you get log_base2(256x256x256) = 24 bits of entropy per pixel, so you'd need 6 / 8 / 11 pixels respectively for the 128 / 192 / 256 bit security strengths.



If you're not generating completely random images and instead allowing people to use, like, photos, then I have no idea how you'd even begin estimating the amount of entropy in one of those.




Bottom line: using images as key material seems like a really odd thing to do and conflicts with the common practice that key material be completely random data from a cryptographic-strength RNG.



Also, from the information in your question, I'm not convinced that brute-force is the attack you need to worry about; I'd be more concerned with the "get access to their laptop and try every image on their hard drive" attack.






share|improve this answer






















  • My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
    – Daniel Esteban Ladino Torres
    1 hour ago










  • @DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
    – Mike Ounsworth
    1 hour ago










  • Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
    – Daniel Esteban Ladino Torres
    1 hour ago











  • @DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
    – Mike Ounsworth
    1 hour ago










  • Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
    – Daniel Esteban Ladino Torres
    7 mins ago

















up vote
1
down vote













There are a lot of problems with this approach even before looking at the entropy involved.



Even though there is no background included, there are probably issues below that will trip you up.



  1. How does the user provide the image to the system in a rigorous way?

  2. Using a url to retrieve the image requires (secure dns/network/pki and probably cache).

  3. Does the user need to warrant that the image is the same? (a lot of encoding change can be made in an image before it looks different to the user).

  4. What if the user has eyesight issues/monochrome monitor?

  5. What if system has a compromised display subsystem (to grab image or alter image).

  6. Maybe all you need is a secure hash of the image anyway.




share



























    up vote
    0
    down vote













    I think for encryption AES is recommended 16, 24 or 32 bytes key length (probably 32 bytes is the best option). However this depends a bit on the library you choose, but you can start by using that lengths in your research and keep us up to date on your research.






    share|improve this answer




















      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "162"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );






      Daniel Esteban Ladino Torres is a new contributor. Be nice, and check out our Code of Conduct.









       

      draft saved


      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197070%2fwhat-would-be-the-key-size-for-a-picture-used-as-a-key%23new-answer', 'question_page');

      );

      Post as a guest






























      4 Answers
      4






      active

      oldest

      votes








      4 Answers
      4






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      3
      down vote













      A picture is far too large to use as an encryption key directly, you'll want to run it through a KDF first.



      It also depends entirely on the picture whether it will have enough entropy to be useful. You could have a 1000x1000 image that's solid white, but it would be useless as a key as it contains no entropy. Pictures from cameras tend to have a fair amount of entropy in the lower bits, so that could be ok, but your users would need to understand that not just any picture is a good key.



      Pictures as keys is in general not a great idea. Pictures are usually taken to be shared, and keys are something you don't want to show to everyone. Using a picture as a key also sounds to me like it could be relying on security through obscurity (i.e. you just use an image from the thousands you have on your computer, but that's effectively very low entropy, probably under 20 bits unless you have an insane number of pictures).



      Feel free to continue developing this for the sake of learning, but until you have a much better grasp of cryptography it's better to leave this sort of thing to the experts (see Why shouldn't we roll our own?).






      share|improve this answer




















      • I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
        – Daniel Esteban Ladino Torres
        1 hour ago










      • @DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
        – user2357112
        3 mins ago














      up vote
      3
      down vote













      A picture is far too large to use as an encryption key directly, you'll want to run it through a KDF first.



      It also depends entirely on the picture whether it will have enough entropy to be useful. You could have a 1000x1000 image that's solid white, but it would be useless as a key as it contains no entropy. Pictures from cameras tend to have a fair amount of entropy in the lower bits, so that could be ok, but your users would need to understand that not just any picture is a good key.



      Pictures as keys is in general not a great idea. Pictures are usually taken to be shared, and keys are something you don't want to show to everyone. Using a picture as a key also sounds to me like it could be relying on security through obscurity (i.e. you just use an image from the thousands you have on your computer, but that's effectively very low entropy, probably under 20 bits unless you have an insane number of pictures).



      Feel free to continue developing this for the sake of learning, but until you have a much better grasp of cryptography it's better to leave this sort of thing to the experts (see Why shouldn't we roll our own?).






      share|improve this answer




















      • I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
        – Daniel Esteban Ladino Torres
        1 hour ago










      • @DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
        – user2357112
        3 mins ago












      up vote
      3
      down vote










      up vote
      3
      down vote









      A picture is far too large to use as an encryption key directly, you'll want to run it through a KDF first.



      It also depends entirely on the picture whether it will have enough entropy to be useful. You could have a 1000x1000 image that's solid white, but it would be useless as a key as it contains no entropy. Pictures from cameras tend to have a fair amount of entropy in the lower bits, so that could be ok, but your users would need to understand that not just any picture is a good key.



      Pictures as keys is in general not a great idea. Pictures are usually taken to be shared, and keys are something you don't want to show to everyone. Using a picture as a key also sounds to me like it could be relying on security through obscurity (i.e. you just use an image from the thousands you have on your computer, but that's effectively very low entropy, probably under 20 bits unless you have an insane number of pictures).



      Feel free to continue developing this for the sake of learning, but until you have a much better grasp of cryptography it's better to leave this sort of thing to the experts (see Why shouldn't we roll our own?).






      share|improve this answer












      A picture is far too large to use as an encryption key directly, you'll want to run it through a KDF first.



      It also depends entirely on the picture whether it will have enough entropy to be useful. You could have a 1000x1000 image that's solid white, but it would be useless as a key as it contains no entropy. Pictures from cameras tend to have a fair amount of entropy in the lower bits, so that could be ok, but your users would need to understand that not just any picture is a good key.



      Pictures as keys is in general not a great idea. Pictures are usually taken to be shared, and keys are something you don't want to show to everyone. Using a picture as a key also sounds to me like it could be relying on security through obscurity (i.e. you just use an image from the thousands you have on your computer, but that's effectively very low entropy, probably under 20 bits unless you have an insane number of pictures).



      Feel free to continue developing this for the sake of learning, but until you have a much better grasp of cryptography it's better to leave this sort of thing to the experts (see Why shouldn't we roll our own?).







      share|improve this answer












      share|improve this answer



      share|improve this answer










      answered 1 hour ago









      AndrolGenhald

      8,08941728




      8,08941728











      • I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
        – Daniel Esteban Ladino Torres
        1 hour ago










      • @DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
        – user2357112
        3 mins ago
















      • I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
        – Daniel Esteban Ladino Torres
        1 hour ago










      • @DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
        – user2357112
        3 mins ago















      I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
      – Daniel Esteban Ladino Torres
      1 hour ago




      I get you point, my bad I didn't mention which kind of picture I'm using as a key, actually I'm using 3d images generated from a chaotic attractor, such as the quaternion julia set.
      – Daniel Esteban Ladino Torres
      1 hour ago












      @DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
      – user2357112
      3 mins ago




      @DanielEstebanLadinoTorres: That's as low-entropy as the amount of entropy that gets fed into your generation process, which is probably far too low to be safe.
      – user2357112
      3 mins ago












      up vote
      2
      down vote













      Any cryptosystem should have keys with keysizes at the 128, 192, and 256 bit-of-entropy security levels.



      So the question comes back to you: where are these images coming from and how much entropy do they contain? If they are completely random bit streams that are being interpreted as an image, then (ignoring entropy loss from lossy compression codecs), you get log_base2(256x256x256) = 24 bits of entropy per pixel, so you'd need 6 / 8 / 11 pixels respectively for the 128 / 192 / 256 bit security strengths.



      If you're not generating completely random images and instead allowing people to use, like, photos, then I have no idea how you'd even begin estimating the amount of entropy in one of those.




      Bottom line: using images as key material seems like a really odd thing to do and conflicts with the common practice that key material be completely random data from a cryptographic-strength RNG.



      Also, from the information in your question, I'm not convinced that brute-force is the attack you need to worry about; I'd be more concerned with the "get access to their laptop and try every image on their hard drive" attack.






      share|improve this answer






















      • My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
        – Daniel Esteban Ladino Torres
        1 hour ago










      • @DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
        – Mike Ounsworth
        1 hour ago










      • Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
        – Daniel Esteban Ladino Torres
        1 hour ago











      • @DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
        – Mike Ounsworth
        1 hour ago










      • Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
        – Daniel Esteban Ladino Torres
        7 mins ago














      up vote
      2
      down vote













      Any cryptosystem should have keys with keysizes at the 128, 192, and 256 bit-of-entropy security levels.



      So the question comes back to you: where are these images coming from and how much entropy do they contain? If they are completely random bit streams that are being interpreted as an image, then (ignoring entropy loss from lossy compression codecs), you get log_base2(256x256x256) = 24 bits of entropy per pixel, so you'd need 6 / 8 / 11 pixels respectively for the 128 / 192 / 256 bit security strengths.



      If you're not generating completely random images and instead allowing people to use, like, photos, then I have no idea how you'd even begin estimating the amount of entropy in one of those.




      Bottom line: using images as key material seems like a really odd thing to do and conflicts with the common practice that key material be completely random data from a cryptographic-strength RNG.



      Also, from the information in your question, I'm not convinced that brute-force is the attack you need to worry about; I'd be more concerned with the "get access to their laptop and try every image on their hard drive" attack.






      share|improve this answer






















      • My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
        – Daniel Esteban Ladino Torres
        1 hour ago










      • @DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
        – Mike Ounsworth
        1 hour ago










      • Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
        – Daniel Esteban Ladino Torres
        1 hour ago











      • @DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
        – Mike Ounsworth
        1 hour ago










      • Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
        – Daniel Esteban Ladino Torres
        7 mins ago












      up vote
      2
      down vote










      up vote
      2
      down vote









      Any cryptosystem should have keys with keysizes at the 128, 192, and 256 bit-of-entropy security levels.



      So the question comes back to you: where are these images coming from and how much entropy do they contain? If they are completely random bit streams that are being interpreted as an image, then (ignoring entropy loss from lossy compression codecs), you get log_base2(256x256x256) = 24 bits of entropy per pixel, so you'd need 6 / 8 / 11 pixels respectively for the 128 / 192 / 256 bit security strengths.



      If you're not generating completely random images and instead allowing people to use, like, photos, then I have no idea how you'd even begin estimating the amount of entropy in one of those.




      Bottom line: using images as key material seems like a really odd thing to do and conflicts with the common practice that key material be completely random data from a cryptographic-strength RNG.



      Also, from the information in your question, I'm not convinced that brute-force is the attack you need to worry about; I'd be more concerned with the "get access to their laptop and try every image on their hard drive" attack.






      share|improve this answer














      Any cryptosystem should have keys with keysizes at the 128, 192, and 256 bit-of-entropy security levels.



      So the question comes back to you: where are these images coming from and how much entropy do they contain? If they are completely random bit streams that are being interpreted as an image, then (ignoring entropy loss from lossy compression codecs), you get log_base2(256x256x256) = 24 bits of entropy per pixel, so you'd need 6 / 8 / 11 pixels respectively for the 128 / 192 / 256 bit security strengths.



      If you're not generating completely random images and instead allowing people to use, like, photos, then I have no idea how you'd even begin estimating the amount of entropy in one of those.




      Bottom line: using images as key material seems like a really odd thing to do and conflicts with the common practice that key material be completely random data from a cryptographic-strength RNG.



      Also, from the information in your question, I'm not convinced that brute-force is the attack you need to worry about; I'd be more concerned with the "get access to their laptop and try every image on their hard drive" attack.







      share|improve this answer














      share|improve this answer



      share|improve this answer








      edited 1 hour ago

























      answered 1 hour ago









      Mike Ounsworth

      36.9k1486131




      36.9k1486131











      • My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
        – Daniel Esteban Ladino Torres
        1 hour ago










      • @DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
        – Mike Ounsworth
        1 hour ago










      • Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
        – Daniel Esteban Ladino Torres
        1 hour ago











      • @DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
        – Mike Ounsworth
        1 hour ago










      • Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
        – Daniel Esteban Ladino Torres
        7 mins ago
















      • My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
        – Daniel Esteban Ladino Torres
        1 hour ago










      • @DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
        – Mike Ounsworth
        1 hour ago










      • Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
        – Daniel Esteban Ladino Torres
        1 hour ago











      • @DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
        – Mike Ounsworth
        1 hour ago










      • Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
        – Daniel Esteban Ladino Torres
        7 mins ago















      My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
      – Daniel Esteban Ladino Torres
      1 hour ago




      My bad, i'm using quaternion julia sets to generate the image, since they are sensible to initial conditions. So the pictures are like 3D shapes
      – Daniel Esteban Ladino Torres
      1 hour ago












      @DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
      – Mike Ounsworth
      1 hour ago




      @DanielEstebanLadinoTorres I have no idea what that means in terms of entropy. Link?
      – Mike Ounsworth
      1 hour ago












      Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
      – Daniel Esteban Ladino Torres
      1 hour ago





      Ounsorth here is an example: cs.cmu.edu/~kmcrane/Projects/QuaternionJulia/teaser.png cs.cmu.edu/~kmcrane/Projects/QuaternionJulia
      – Daniel Esteban Ladino Torres
      1 hour ago













      @DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
      – Mike Ounsworth
      1 hour ago




      @DanielEstebanLadinoTorres Hmm, how strong are your statistics skills? The question here is basically "On average, how many do you need to generate before you get two identical?" Once you know how to estimate that, then you're free to adjust image size, complexity of the shape, etc so that you can safely generate 2^128 / 2^192 / 2^256 before you get a collision, and there are no exploitable short-cuts that an attacker can take to reduce how many guesses.
      – Mike Ounsworth
      1 hour ago












      Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
      – Daniel Esteban Ladino Torres
      7 mins ago




      Well my statistics skills are just average, but i get your point, i'll keep it in mind, now i'll just focus on the entropy of the chaotic attractor. Thanks for your help!
      – Daniel Esteban Ladino Torres
      7 mins ago










      up vote
      1
      down vote













      There are a lot of problems with this approach even before looking at the entropy involved.



      Even though there is no background included, there are probably issues below that will trip you up.



      1. How does the user provide the image to the system in a rigorous way?

      2. Using a url to retrieve the image requires (secure dns/network/pki and probably cache).

      3. Does the user need to warrant that the image is the same? (a lot of encoding change can be made in an image before it looks different to the user).

      4. What if the user has eyesight issues/monochrome monitor?

      5. What if system has a compromised display subsystem (to grab image or alter image).

      6. Maybe all you need is a secure hash of the image anyway.




      share
























        up vote
        1
        down vote













        There are a lot of problems with this approach even before looking at the entropy involved.



        Even though there is no background included, there are probably issues below that will trip you up.



        1. How does the user provide the image to the system in a rigorous way?

        2. Using a url to retrieve the image requires (secure dns/network/pki and probably cache).

        3. Does the user need to warrant that the image is the same? (a lot of encoding change can be made in an image before it looks different to the user).

        4. What if the user has eyesight issues/monochrome monitor?

        5. What if system has a compromised display subsystem (to grab image or alter image).

        6. Maybe all you need is a secure hash of the image anyway.




        share






















          up vote
          1
          down vote










          up vote
          1
          down vote









          There are a lot of problems with this approach even before looking at the entropy involved.



          Even though there is no background included, there are probably issues below that will trip you up.



          1. How does the user provide the image to the system in a rigorous way?

          2. Using a url to retrieve the image requires (secure dns/network/pki and probably cache).

          3. Does the user need to warrant that the image is the same? (a lot of encoding change can be made in an image before it looks different to the user).

          4. What if the user has eyesight issues/monochrome monitor?

          5. What if system has a compromised display subsystem (to grab image or alter image).

          6. Maybe all you need is a secure hash of the image anyway.




          share












          There are a lot of problems with this approach even before looking at the entropy involved.



          Even though there is no background included, there are probably issues below that will trip you up.



          1. How does the user provide the image to the system in a rigorous way?

          2. Using a url to retrieve the image requires (secure dns/network/pki and probably cache).

          3. Does the user need to warrant that the image is the same? (a lot of encoding change can be made in an image before it looks different to the user).

          4. What if the user has eyesight issues/monochrome monitor?

          5. What if system has a compromised display subsystem (to grab image or alter image).

          6. Maybe all you need is a secure hash of the image anyway.





          share











          share


          share










          answered 5 mins ago









          Andrew Russell

          2,82411428




          2,82411428




















              up vote
              0
              down vote













              I think for encryption AES is recommended 16, 24 or 32 bytes key length (probably 32 bytes is the best option). However this depends a bit on the library you choose, but you can start by using that lengths in your research and keep us up to date on your research.






              share|improve this answer
























                up vote
                0
                down vote













                I think for encryption AES is recommended 16, 24 or 32 bytes key length (probably 32 bytes is the best option). However this depends a bit on the library you choose, but you can start by using that lengths in your research and keep us up to date on your research.






                share|improve this answer






















                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  I think for encryption AES is recommended 16, 24 or 32 bytes key length (probably 32 bytes is the best option). However this depends a bit on the library you choose, but you can start by using that lengths in your research and keep us up to date on your research.






                  share|improve this answer












                  I think for encryption AES is recommended 16, 24 or 32 bytes key length (probably 32 bytes is the best option). However this depends a bit on the library you choose, but you can start by using that lengths in your research and keep us up to date on your research.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered 1 hour ago









                  camp0

                  53035




                  53035




















                      Daniel Esteban Ladino Torres is a new contributor. Be nice, and check out our Code of Conduct.









                       

                      draft saved


                      draft discarded


















                      Daniel Esteban Ladino Torres is a new contributor. Be nice, and check out our Code of Conduct.












                      Daniel Esteban Ladino Torres is a new contributor. Be nice, and check out our Code of Conduct.











                      Daniel Esteban Ladino Torres is a new contributor. Be nice, and check out our Code of Conduct.













                       


                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f197070%2fwhat-would-be-the-key-size-for-a-picture-used-as-a-key%23new-answer', 'question_page');

                      );

                      Post as a guest













































































                      Comments

                      Popular posts from this blog

                      What does second last employer means? [closed]

                      Installing NextGIS Connect into QGIS 3?

                      One-line joke