Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ...

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: Fri, 6 Apr 2012 10:44:03 -0700

On Fri, Apr 6, 2012 at 8:09 AM, Greg Hudson <ghudson_at_mit.edu> wrote:
> I also want to caution that PBKDF2 does not provide strong protection
> against offline dictionary attacks. Most cryptographic methods provide
> exponential protection--I do a little bit more work to make you do twice
> as much work. PBKDF2 provides only linear protection--I do twice as
> much work to make you do twice as much work. It does not make
> dictionary attacks "impossible" in the same sense that AES-128 makes
> decryption without knowing the key "impossible".

Is it worth looking at scrypt[1] instead of PBKDF2? -- justin

1. http://www.tarsnap.com/scrypt.html
Received on 2012-04-06 19:44:37 CEST

This message: [ Message body ]
Next message: Hyrum K Wright: "Re: buildbot failure in ASF Buildbot on svn-x64-ubuntu-gcc"
Previous message: Branko ÄŒibej: "Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ..."
In reply to: Greg Hudson: "Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ..."
Next in thread: Greg Hudson: "Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ..."
Reply: Greg Hudson: "Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ..."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]