
Re: Master passphrase approach, authn storage, cobwebs in C-Mike's head, ...

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: Fri, 06 Apr 2012 15:34:36 -0400

On 04/06/2012 01:44 PM, Justin Erenkrantz wrote:
> On Fri, Apr 6, 2012 at 8:09 AM, Greg Hudson <ghudson_at_mit.edu> wrote:
>> I also want to caution that PBKDF2 does not provide strong protection
>> against offline dictionary attacks. Most cryptographic methods provide
>> exponential protection--I do a little bit more work to make you do twice
>> as much work. PBKDF2 provides only linear protection--I do twice as
>> much work to make you do twice as much work. It does not make
>> dictionary attacks "impossible" in the same sense that AES-128 makes
>> decryption without knowing the key "impossible".
>
> Is it worth looking at scrypt[1] instead of PBKDF2? -- justin

Possibly. It depends on whether you care about things like NIST review
(PBKDF2 is recommended in NIST SP 800-132) versus the theoretical
advantages of a less heavily scrutinized algorithm. That's always a
tough choice.

The fundamental nature of scrypt isn't different from the fundamental
nature of PBKDF2; both seek to add a fixed multiplier to the cost of
both the legitimate user and the attacker. scrypt is designed to make
it more difficult to use massively parallel hardware to mount the
attack, by requiring more memory (if I skimmed the paper correctly).
Received on 2012-04-06 21:35:17 CEST
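
The linear-versus-exponential point made in the message above, as an added example that is not part of the original mail or of Subversion's code. It counts the HMAC calls PBKDF2 makes, showing that doubling the iteration count doubles the user's cost while adding only one bit to the attacker's dictionary work, and computes the memory scrypt's parameters demand per guess. The password, salt, dictionary size and helper names are constructed for illustration.

```python
import hashlib
import hmac
import math


def pbkdf2_counted(password: bytes, salt: bytes, iterations: int, dklen: int = 32):
    """PBKDF2-HMAC-SHA256 (RFC 8018); returns (key, number of HMAC calls made)."""
    calls = 0
    out = b""
    block = 1
    while len(out) < dklen:
        # U_1 = PRF(P, S || INT(i)); U_j = PRF(P, U_{j-1}); T_i = U_1 ^ ... ^ U_c
        u = hmac.new(password, salt + block.to_bytes(4, "big"), hashlib.sha256).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        block += 1
    return out[:dklen], calls


def attack_cost_bits(dictionary_size: int, iterations: int) -> float:
    """log2 of the HMAC calls needed to try every dictionary entry against one salt."""
    return math.log2(dictionary_size) + math.log2(iterations)


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Size of scrypt's V array (128 * N * r bytes) held for each guess in flight."""
    return 128 * n * r


# Constructed sample values, not taken from the thread.
PASSWORD = b"correct horse"
SALT = bytes(range(16))

if __name__ == "__main__":
    for c in (1000, 2000, 4000):
        key, calls = pbkdf2_counted(PASSWORD, SALT, c)
        # Cross-check the hand-rolled loop against the standard library.
        assert key == hashlib.pbkdf2_hmac("sha256", PASSWORD, SALT, c)
        print(f"c={c}: user pays {calls} HMACs, "
              f"2^20-word dictionary costs 2^{attack_cost_bits(2**20, c):.2f} HMACs")
    n, r = 2**12, 8
    hashlib.scrypt(PASSWORD, salt=SALT, n=n, r=r, p=1, dklen=32)
    print(f"scrypt N={n} r={r}: {scrypt_memory_bytes(n, r) // 2**20} MiB per guess")
```

Each added bit of password entropy also adds one bit to the attacker's work but costs the user no extra computation, which is the contrast with AES-128 drawn in the quoted text.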

This is an archived mail posted to the Subversion Dev mailing list.
