
Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ...

From: Justin Erenkrantz <justin_at_erenkrantz.com>
Date: Fri, 6 Apr 2012 10:44:03 -0700

On Fri, Apr 6, 2012 at 8:09 AM, Greg Hudson <ghudson_at_mit.edu> wrote:
> I also want to caution that PBKDF2 does not provide strong protection
> against offline dictionary attacks.  Most cryptographic methods provide
> exponential protection--I do a little bit more work to make you do twice
> as much work.  PBKDF2 provides only linear protection--I do twice as
> much work to make you do twice as much work.  It does not make
> dictionary attacks "impossible" in the same sense that AES-128 makes
> decryption without knowing the key "impossible".

Is it worth looking at scrypt[1] instead of PBKDF2? -- justin

1. http://www.tarsnap.com/scrypt.html
Received on 2012-04-06 19:44:37 CEST

This is an archived mail posted to the Subversion Dev mailing list.
